Splunk Core Certified Power User - SPLK-1002 Exam Practice Test
Which of the following actions can the eval command perform?
Correct Answer: B
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which delimiters can the Field Extractor (FX) detect? (select all that apply)
Correct Answer: A,B,D
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Given the macro definition below, what should be entered into the Name and Arguments fileds to correctly configured the macro?


Correct Answer: D
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which group of users would most likely use pivots?
Correct Answer: B
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
What syntax would a user specify to search for the prod tag associated with the host field and webserver value?
Correct Answer: B
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A user wants a table that will show the total revenue made for each product in each sales region. Which would be the correct SPL query to use?
Correct Answer: B
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
If a calculated field has the same name as an extracted field, what happens to the extracted field?
Correct Answer: C
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Which of the following definitions describes a macro named "samplemacro" that accepts two arguments?
Correct Answer: A
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
These allow you to categorize events based on search terms.
Select your answer.
Select your answer.
Correct Answer: C
Vote an answer
Which of the following commands connects an additional table of data directly to the right side of the existing table?
Correct Answer: B
Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).