Splunk Core Certified Power User Exam A+ Pass Verified

Splunk Core Certified Power User Exam A+ Pass Verified What is the only writeable bucket type? hot bucket warm bucket cold bucket - Answer- The hot bucket By what filter are indexes divided into buckets? by time by name by source by host - Answer- By time What are the 4 types of searches in Splunk (by performance) dense sparse super sparse rare super rare - Answer- Dense, Sparse, Super Sparse, Rare In searches, what is the scanCount? the number of scanned events for all searches the number of events scanned for that particular search none of the above - Answer- The number of events scanned for that particular search What are the requirement of the underlying search in order to get multi-series table? - Answer- The underlying search must use reporting search commands like chart or timechart What are the seven chart types? - Answer- Line, Area, Column, Bar, Bubble, Scatter and Pie What is a trait of scatter charts? - Answer- Can only show two dimensions. Shows trends in the relationsgip between discrete data values What is a trait of bubble charts? - Answer- Provides a visual way to view a three dimensional series What are two commonly used clauses for chart? - Answer- over and by What does the over and by clauses do when used with chart? - Answer- divides the data into sub-groupings (True/False) You can only split chart results over two dimensions - Answer- True chart and timechart commands automatically filter results to include how many values? - Answer- 10 What happens to surplus resulting values of chart and timechart commands? - Answer- They are grouped into other (True/False) Null values are not shown by default by chart and timechart - Answer- False What is always the value on the x-axis for timechart? - Answer- _time (True/False) Functions and arguments used with stats and chart can not be used with timechart - Answer- False (True/False) As with chart, it is possible to split timechart by two fields - Answer- False. It is only possible to split by one field What is the argument for adjusting sampling interval of timechart? - Answer- span What does the trendline command do? - Answer- allows you to overlay a computed moving average on a chart What is the syntax of the trendline command? - Answer- trendline <trendtype><period>(field) [AS newfield] What command can be used to look up and add location information to an event? - Answer- iploaction What information does the iplocation command include? - Answer- city, country, region, latitude and longitude What is the data-requirement for the geostats command? - Answer- Data must include latitude and longitude values These arguments are used to control column counts when using the geostats command - Answer- gloabllimit and locallimit This command is used to compute statisticalm functions and render a cluster map - Answer- geostats What command can be used to show relative metrics for predefined geographic regions? - Answer- geom (True/False) A sparkline is an inline chart, that can be added to timechart - Answer- True (True/False) Automatically totaling of every columns can be done by using the Format option - Answer- True This command can be used to add total of all or selected fields - Answer- addtotals the row option for addtotals does (if enabled) - Answer- create a column that contains numeric totals for each row the column option for addtotals does (if enabled) - Answer- create a row that contains numeric totals for each column What does the labelfield option for addtotals specify? - Answer- What field the label should be placed in (in general, this should be the leftermost and first field) The eval command can be used to - Answer- perform calculations, convert, round and format values, use conditional statements This command allows you to calculate and manipulate field values in your report - Answer- eval (True/false) Results of eval can be written to existing field - Answer- True What happens with a destination field value if the field is the same as the resulting field of the eval command? - Answer- The field value gets overwritten by the resulting value outputted from the eval command (True/False) Indexed data get modified after field values are overwritten by the eval command. - Answer- False This operator is used for concatenation - Answer- +. This function can be used to set the value of a field to the number of decimals you specify - Answer- round (True/False) The tostring function can be used with eval - Answer- True How can you use eval to format numeric field values to strings? - Answer- By adding characters to the field values What separator is used when having multiple expressions used with eval command? - Answer- comma If function used with eval: What is field value of SalesTerritory for a VendorID of 80000 in the following evaluation?: | eval SalesTerritory = if((VendorID >= 7000 AND VendorID <8000), "Asia", "Rest of the World") - Answer- "Rest of the World" (True/False) The search command treats field values in a case-insensitive manner - Answer- True (True/False) The where command treats field values in a case-insensitive manner - Answer- False (True/False) Unqouted or single-quoted strings are treated as fields. - Answer- True To be able to do wildcard searches with the where command, this operator must be used - Answer- like What is the fillnull value used for? - Answer- To replace null values in fields. Default replacement value is 0. What is a transaction? - Answer- A transaction is any group of related events that span time What is the syntax of the transaction command? - Answer- transaction field-list. field-list argument is a list of one or multiple fields. (True/False) Transaction command creates a single event from a group of events - Answer- True This field is produced by running the transaction command - Answer- duration - difference between timestamp of first and last event in the transaction What does the maxpan argument do when used for transaction? - Answer- Defines the maximum total time between the earliest and latest events