Splunk Core Power User Exam Solved

Splunk Core Power User Exam Solved Which of the following Regex operators can most severely impact performance, and may be considered "greedy"? . (period) * (asterisk) (backslash) + (plus sign) - Answer- * (asterisk) True or False: If you manually edit the regular expression in the Field Extractor Utility then you will not be able to go back to validate the results. - Answer- True True or False. Fields can be extracted only after indexing is complete. - Answer- False There are three ways to get to the Field Extractor (FX). Select all that apply. Settings menu Event Actions menu Auto-Extract Fields Workflow Fields sidebar - Answer- Settings menu Event Actions menu fields sidebar Which of the following character delimiters are supported for a delimited field extraction? tab space pipe comma - Answer- tab space pipe comma Which of the following statements are true about a Regex "capture"? Allows the Regex to be case insensitive Can be referenced with a given name using: ?<name> Captures a matching pattern Defined with a matching parantheses: () - Answer- Can be referenced with a given name using: ?<name> Captures a matching pattern Defined with a matching parantheses: () Which of the following strings match this Regular Expression: c.t c#t c.t cat c99t - Answer- c#t c.t cat When using regex for field extraction, what's the first thing you have to do in the Field Extractor? Set the Extractions Name and set permissions Provide a Field Name Select a value to extract Edit the regular expression - Answer- Select a value to extract Use this field extraction method when fields are separated by spaces, commas, or characters. rename field extractions delimited field extractions regex field extractions - Answer- delimited field extractions Which workflow actions require you to specify if the behavior should open in a new window or current window? Select all that apply. PUT POST Search GET - Answer- POST, GET Select all knowledge objects. lookups workflow actions users field aliases - Answer- lookups, workflow actions, field aliases When adding arguments to a macro, include the number of arguments in_____ Parentheses before the macro name Parentheses after the macro name Using the pipe function Dollar signs with the search definition - Answer- Parentheses after the macro name Which function is used to send field values externally in Workflow Actions? PUT Search POST GET - Answer- POST, GET If you have a tag label called "homeoffice" associated with the field/value pair system_ip=<your ip address>, when you run a search using the tag=homeoffice constraint, what events will be returned? field lookup table events from _internal events with the value of the system_ip field equal to your ip address - Answer- events with the value of the system_ip field equal to your ip address Which of the following are ways you can create an event type. Select all that apply. Run a search, then save as Event Type Settings > Event types > "New Event Type" From event details, select Event Actions > Build Event Type - Answer- Run a search, then save as Event Type Settings > Event types > "New Event Type" From event details, select Event Actions > Build Event Type Which statement best describes the function of a Workflow Action Allows users to interact with web resources Retrieves information from an external source Uses field values to perform a secondary search Sends field values to an external source - Answer- Allows users to interact with web resources Retrieves information from an external source Uses field values to perform a secondary search Sends field values to an external source Field aliases are applied after _________ and before ________ . Select all that apply. tags, field extractions field extractions, tags field extractions, lookups lookups, field extractions - Answer- field extractions, tags field extractions, lookups Surround the macro name with the _____ when executing the macro in search. Double quote character Dollar sign Backtick character Single quote character - Answer- Backtick character Which statements best describe an Event Type. Select all that apply. Categorizes events based on search constraints tags, field extractions Can be used to normalize field names, tags and field extractions Allow users to interact with web resources - Answer- Categorizes events based on search constraints Can be used to normalize field names, tags and field extractions To perform a secondary search, use a _______ workflow action PUT POST Search GET - Answer- Search To search for a tag associated with a value on a specific field, select the correct string. tag=user=privileged tag=user::privileged tag::user=privileged tag-user::privileged - Answer- tag::user=privileged True or False: Splunk knowledge objects can only be used privately. TRUE FALSE - Answer- False Use ___=false with the chart command if you want to hide the OTHER column. - Answer- useother To display the least common values of a field, use the ___ command. rare top stats timechart with common=f option - Answer- rare When renaming fields with spaces or special characters, use the rename command and include the new field name in ___. double quotes single quotes None of the above - Answer- double quotes When you use the stats command with a BY clause, what is returned? a statistical output for each value of the named field an error message because you did not include a statistical function one row numerical statistics on each field if and only if all of the values of that field are numerical - Answer- a statistical output for each value of the named field The ___(X,Y) eval function returns X to the power of Y. - Answer- pow By default, the sort command lists results in ___ order. descending ascending - Answer- ascending The ___ command will always have _time as the X-axis. - Answer- timechart Which of these eval functions takes no arguments? max random min pow - Answer- random