Which of the following commands are used when creating visualizations? (Select all that apply.)
Correct Answer: A,C,D
The following commands are used when creating visualizations: geom, geostats, and iplocation. Visualizations are graphical representations of data that show trends, patterns, or comparisons. Visualizations can have different types, such as charts, tables, maps, etc. Visualizations can be created by using various commands that transform the data into a suitable format for the visualization type. Some of the commands that are used when creating visualizations are:

geom: This command is used to create choropleth maps that show geographic regions with different colors based on some metric. The geom command takes a KMZ file as an argument that defines the geographic regions and their boundaries. The geom command also takes a field name as an argument that specifies the metric to use for coloring the regions.

geostats: This command is used to create cluster maps that show groups of events with different sizes and colors based on some metric. The geostats command takes a latitude and longitude field as arguments that specify the location of the events. The geostats command also takes a statistical function as an argument that specifies the metric to use for sizing and coloring the clusters.

iplocation: This command is used to create location-based visualizations that show events with different attributes based on their IP addresses. The iplocation command takes an IP address field as an argument and adds some additional fields to the events, such as Country, City, Latitude, Longitude, etc. The iplocation command can be used with other commands such as geom or geostats to create maps based on IP addresses.
SPLK-1002 Exam Question 117
In which of the following scenarios is an event type more effective than a saved search?
Correct Answer: C
Reference: https://answers.splunk.com/answers/4993/eventtype-vs-saved-search.html

An event type is a way to categorize events based on a search string that matches the events. You can use event types to simplify your searches by replacing long or complex search strings with short and simple event type names. An event type is more effective than a saved search when the search string needs to be used in future searches because it allows you to reuse the search string without having to remember or type it again. Therefore, option C is correct, while options A, B and D are incorrect because they are not scenarios where an event type is more effective than a saved search.
SPLK-1002 Exam Question 118
Which type of workflow action sends field values to an external resource (e.g. a ticketing system)?
Correct Answer: A
The type of workflow action that sends field values to an external resource (e.g. a ticketing system) is POST. A POST workflow action allows you to send a POST request to a URI location with field values or static values as arguments. For example, you can use a POST workflow action to create a ticket in an external system with information from an event.
SPLK-1002 Exam Question 119
Which workflow action method can be used when the action type is set to link?
Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/SetupaGETworkflowaction

Define a GET workflow action

Steps
1. Navigate to Settings > Fields > Workflow Actions.
2. Click New to open up a new workflow action form.
3. Define a Label for the action. The Label field enables you to define the text that is displayed in either the field or event workflow menu. Labels can be static or include the value of relevant fields.
4. Determine whether the workflow action applies to specific fields or event types in your data. Use Apply only to the following fields to identify one or more fields. When you identify fields, the workflow action only appears for events that have those fields, either in their event menu or field menus. If you leave it blank or enter an asterisk the action appears in menus for all fields. Use Apply only to the following event types to identify one or more event types. If you identify an event type, the workflow action only appears in the event menus for events that belong to the event type.
5. For Show action in, determine whether you want the action to appear in the Event menu, the Fields menus, or Both.
6. Set Action type to link.
7. In URI provide a URI for the location of the external resource that you want to send your field values to. Similar to the Label setting, when you declare the value of a field, you use the name of the field enclosed by dollar signs. Variables passed in GET actions via URIs are automatically URL encoded during transmission. This means you can include values that have spaces between words or punctuation characters.
8. Under Open link in, determine whether the workflow action displays in the current window or if it opens the link in a new window.
9. Set the Link method to get.
10. Click Save to save your workflow action definition.
SPLK-1002 Exam Question 120
Which of the following are required to create a POST workflow action?
Correct Answer: C
POST workflow actions are custom actions that send a POST request to a web server when you click on a field value in your search results. POST workflow actions can be configured with various options, such as label name, base URL, URI parameters, post arguments, app context, etc. One of the options that are required to create a POST workflow action is post arguments. Post arguments are key-value pairs that are sent in the body of the POST request to provide additional information to the web server. Post arguments can include field values from your data by using dollar signs around the field names.