What does the following search do?
index=corndog type=mysterymeat action=eaten | stats count as corndog_count by user
Correct Answer: A
SPLK-1002 Exam Question 62
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
Correct Answer: C
SPLK-1002 Exam Question 63
If a search returns ____________ it can be viewed as a chart.
Correct Answer: B
Explanation: If a search returns statistics, it can be viewed as a chart. Statistics are tabular data that show the relationship between two or more fields. You can create statistics by using commands such as stats, chart or timechart. You can view statistics as a chart by selecting the Visualization tab in the Search app and choosing a chart type such as column, line or pie. Therefore, option B is correct, while options A, C and D are incorrect because they are not types of data that can be viewed as a chart.
SPLK-1002 Exam Question 64
Which of the following statements is true, especially in large environments?
Correct Answer: B
Reference: https://answers.splunk.com/answers/103/transaction-vs-stats-commands.html
The stats command is faster and more efficient than the transaction command, especially in large environments. The stats command is used to calculate summary statistics on the events, such as count, sum, average, etc. The stats command can group events by one or more fields or by time buckets. The stats command does not create new events from groups of events, but rather creates new fields with statistical values. The transaction command is used to group events into transactions based on some common characteristics, such as fields, time, or both. The transaction command creates new events from groups of events that share one or more fields. The transaction command also creates some additional fields for each transaction, such as duration, eventcount, startime, etc. The transaction command is slower and more resource-intensive than the stats command because it has to process more data and create more events and fields.
SPLK-1002 Exam Question 65
Which of the following are required to create a POST workflow action?
Correct Answer: C
POST workflow actions are custom actions that send a POST request to a web server when you click on a field value in your search results. POST workflow actions can be configured with various options, such as label name, base URL, URI parameters, post arguments, app context, etc. One of the options required to create a POST workflow action is post arguments. Post arguments are key-value pairs that are sent in the body of the POST request to provide additional information to the web server. Post arguments can include field values from your data by using dollar signs around the field names.