Accurate Answers.
date_time always reflects your local time zone and not the time/date from raw events. correct answers False (the timestamp is taken from the raw event; only its display is converted to the time zone set in the user's Splunk Web preferences)
@timeUnit will always round up and go forward through time. correct answers False (a snap-to such as @d or @h rounds down to the start of that unit, i.e. backwards in time, never forward)
_______ and _______ are the time modifiers that override the time range picker in a historical report. correct answers earliest
latest
When using the following search arguments, what will be returned? | timechart count span=1h correct answers a chart of event counts in 1-hour chunks (one _time bucket per hour over the search's time range)
What will the strftime function return when using the %H argument? Select all that apply.
hour of the event generated at index time
convert the hour into your local time based on your time zone setting of your Splunk web sessions
time of raw event in UTC
correct answers convert the hour into your local time based on your time zone setting of your Splunk web sessions
Using earliest=-30d@d latest=@d is how to return results from 30 days ago up until the time the search was executed. correct answers False
latest=now is needed: @d snaps latest down to midnight at the start of today, so every event from the current day is excluded from the results.
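The snap-to, strftime %H and -30d@d/@d items above worked through in one place. This is an added example and not part of the original quiz or of Splunk's documentation. The first search needs no indexed data: it uses makeresults with relative_time() to print the instants the modifiers actually resolve to. The second and third searches assume an index named main and a sourcetype named auth_log, both placeholders to replace with your own.

```spl
| makeresults
| eval now_h=strftime(now(), "%Y-%m-%d %H:%M:%S %Z")
| eval hour_local=strftime(now(), "%H")
| eval earliest_h=strftime(relative_time(now(), "-30d@d"), "%Y-%m-%d %H:%M:%S %Z")
| eval latest_snap_h=strftime(relative_time(now(), "@d"), "%Y-%m-%d %H:%M:%S %Z")
| eval seconds_dropped_by_at_d=now() - relative_time(now(), "@d")
| table now_h hour_local earliest_h latest_snap_h seconds_dropped_by_at_d

index=main sourcetype=auth_log earliest=-30d@d latest=@d
| stats count AS events, max(_time) AS last_event
| eval last_event=strftime(last_event, "%Y-%m-%d %H:%M:%S %Z")

index=main sourcetype=auth_log earliest=-30d@d latest=now
| stats count AS events, max(_time) AS last_event
| eval last_event=strftime(last_event, "%Y-%m-%d %H:%M:%S %Z")
```

In the first search, latest_snap_h lands on 00:00:00 of the current day and is never later than now_h, which is the rounding-down the quiz asks about, and seconds_dropped_by_at_d is how much of today a latest=@d search silently leaves out. hour_local and the %Z suffix follow the time zone set in your Splunk Web user preferences, not the zone of the raw event. Run the second and third searches back to back: the last_event of the latest=@d search is before midnight, while the latest=now search reports an event close to the current time and a larger count.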
Choose the search that will sort events into one minute groups. Select all that apply.
| bin _time span=1m
| bin _time span=1mins
| bin span=1minutes _time
correct answers | bin _time span=1m
| bin _time span=1mins
| bin span=1minutes _time
(all three are valid: span accepts m, min, mins, minute and minutes, and the bin options may be written before or after the field name)
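The two span items above (timechart span=1h and bin span=1m) applied to a task a SOC actually runs: bucketing sshd authentication failures per minute to surface brute forcing or password spraying. This is an added example, not from the original quiz. It assumes sshd logs in an index named main with sourcetype linux_secure, in the standard "Failed password for <user> from <ip>" line format; the index and sourcetype are placeholders, and the thresholds of 20 failures or 5 distinct users per minute are arbitrary starting points to tune.

```spl
index=main sourcetype=linux_secure "Failed password" earliest=-24h latest=now
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| bin _time span=1m
| stats count AS failures, dc(user) AS distinct_users, values(user) AS users BY _time, src_ip
| where failures >= 20 OR distinct_users >= 5
| sort - failures

index=main sourcetype=linux_secure "Failed password" earliest=-24h latest=now
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| timechart span=1m usenull=f limit=10 count BY src_ip
```

The first search is the detection: bin truncates every _time to the minute it falls in, stats then counts per minute and source, and where keeps only the noisy minutes. The second search is the same bucketing as a chart, with timechart doing the bin step for you; usenull=f here is a timechart option that hides the column for events where rex found no src_ip, which is not the same thing as filtering null field values with isnull() or isnotnull().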
Which of the following are default time fields? Select all that apply.
date_hour
date_day
date_year
date_mday
correct answers date_hour
date_year
date_mday
(date_day is not a default field; the day-of-week field is date_wday)
True or False: Specify a wildcard by using the * character with the where command. correct answers False
You can only specify a wildcard by using the like function with the where command. The percent ( % ) symbol is the wildcard that you use with the like function, matching any run of characters; the underscore ( _ ) matches exactly one character. See the like() evaluation function.
The eval command calculates an expression and puts the resulting ____ into a new or existing field. correct answers value
The where command interprets unquoted or single-quoted strings as _____ and double-quoted strings as _____.
integers, field values
field values, fields
field, field values
field values, integers
correct answers field
field values
(so where user=src_user compares two fields, where user="src_user" compares the user field against the literal text src_user, and single quotes are for field names that contain spaces or other special characters)
What is the order of Boolean Expression of Evaluation for where and eval commands?
AND, OR, NOT, Expressions with parenthesis
Expressions with parenthesis, NOT, AND, OR
AND, NOT, Expressions with parenthesis, OR
NOT, AND, OR, Expressions with parenthesis
correct answers Expressions with parenthesis
NOT
AND
OR
(this is the order for eval and where; the search command is different, evaluating OR clauses before AND clauses, so add parentheses whenever an expression mixes the two)
Which of the following functions can be used to filter null values?
isnotnull
usenull=f
isnull
usenull=t
correct answers isnotnull
isnull
(usenull is an option of commands such as chart and timechart that controls whether a NULL series is drawn, not an eval function)
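A constructed four-row table, built with makeresults so it needs no indexed data, that exercises the where/eval rules from the items above: unquoted versus double-quoted strings, * versus like() with %, case sensitivity, isnotnull(), and AND binding tighter than OR. This is an added example and not part of the original quiz; the user, src_user and status values are made up, and the fourth row deliberately has no user value at all.

```spl
| makeresults count=4
| streamstats count AS n
| eval user=case(n=1, "admin", n=2, "Admin-svc", n=3, "bob")
| eval src_user=case(n=1, "admin", n=2, "root", n=3, "bob", n=4, "carol")
| eval status=case(n=1, 200, n=2, 401, n=3, 401, n=4, 200)
| eval literal_cmp=if(user="src_user", "yes", "no")
| eval field_cmp=if(user=src_user, "yes", "no")
| eval star_cmp=if(user="admin*", "yes", "no")
| eval like_cmp=if(like(user, "admin%"), "yes", "no")
| eval like_ci_cmp=if(like(lower(user), "admin%"), "yes", "no")
| eval has_user=if(isnotnull(user), "yes", "no")
| eval no_parens=if(status=401 OR status=200 AND user="bob", "yes", "no")
| eval with_parens=if((status=401 OR status=200) AND user="bob", "yes", "no")
| table n user src_user status literal_cmp field_cmp star_cmp like_cmp like_ci_cmp has_user no_parens with_parens
```

Reading the rows: literal_cmp is no everywhere, because "src_user" in double quotes is the text src_user, while field_cmp is yes for rows 1 and 3, where the two fields hold the same value. star_cmp is no everywhere, since * is a literal character in eval and where; like_cmp is yes only for row 1, because like() is case-sensitive, and like_ci_cmp also catches Admin-svc after lower(). has_user is no only for row 4, the row that case() left without a user. no_parens is yes for rows 2 and 3, because the expression parses as status=401 OR (status=200 AND user="bob"); with_parens is yes for row 3 alone. Comparisons against the missing user in row 4 may come back empty rather than no, which is exactly why isnull() and isnotnull() exist. To turn any column into a filter, append where on it, for example | where field_cmp="yes".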
True or False: When using the eval command, all field values are treated in a case-sensitive manner and must be double-quoted. correct answers True (this applies to string values; numeric literals are written without quotes)
Which of the following functions must be used with the in function? Select all that apply.
sum
case