Help
Options
Question
Which of the following accurately describes data models? Select all that apply.
click to flip
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't know
Question
To add a Root Event Dataset, what field is required to be manually added?
Duration maxpause maxspan
Dataset Name
Dataset ID
Duration maxpause maxspan
Dataset Name
Dataset ID
Remaining cards (22)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Stack #4078237
| Question | Answer |
|---|---|
| Which of the following accurately describes data models? Select all that apply. | • A knowledge object that applies information structure to raw data • Can be used by the Pivot interface to generate reports and dashboard panels • Must contain at least one of each dataset: Events, Searches, and Transactions |
| To add a Root Event Dataset, what field is required to be manually added? Duration maxpause maxspan Dataset Name Dataset ID | Dataset Name |
| When adding fields to a dataset, which of the following creates a new field based on an expression that you define? Auto-Extracted Lookup Geo IP Eval Expression | Eval Expression |
| By default, the sort command lists results in __________ order. ascending descending | ascending |
| Which of the following do all event datasets contain? Select all that apply. • Constraints • Children • Fields • Purchases | • Constraints • Children • Fields |
| Information needed to create a GET workflow action includes which of the following? (Choose all that apply.) | • A name for the workflow action. • A URI where the user will be directed at search time. • A label that will appear in the Event Action menu at search time |
| Which of the following can be used with the eval command tostring function? "hex" "commas" "decimal" "duration" | • A. "hex" • B. "commas" • D. "duration" |
| Which of the following searches show a valid use of a macro? | • index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField • index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField |
| A user wants to convert numeric field values to strings and also to sort on those values. | • B. Convert the numeric to a string with eval first, then sort. |
| Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags? • A. Macros • B. Lookups • C. Workflow actions • D. Field extractions | • B. Lookups • D. Field extractions |
| Which of the following statements describe data model acceleration? | • Accelerated data models cannot be edited. • Private data models cannot be accelerated. • You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model. |
| How does a user display a chart in stack mode? • A. By using the stack command. • B. By turning on the Use Trellis Layout option. • C. By changing Stack Mode in the Format menu. •D. You cannot display a chart in stack mode, only a timechart. | • C. By changing Stack Mode in the Format menu. |
| If no value is specified with the fillnull command, what default value will be used? • A. 0 • B. N/A • C. ג€" • D. NULL | 0 |
| What will produce exactly the same results as | chart count over vendor_action by user? | chart count by vendor_action, user | chart count over vendor_action, user | chart count by vendor_action over user | chart count over user by vendor_action | • | chart count by vendor_action, user |
| What are the two parts of a root event dataset? • A. Fields and variables. • B. Fields and attributes. • C. Constraints and fields. • D. Constraints and lookups. | C. Constraints and fields. |
| When using timechart, how many fields can be listed after a by clause? | 1, because _time is already implied as the x-axis. |
| A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results? | Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events. |
| Which of the following statements describes macros? | • C. A macro is a reusable search string that may have a flexible time range. |
| In what order are the following knowledge objects/configurations applied? Field Aliases, Field Extractions, Lookups Field Extractions, Field Aliases, Lookups Field Extractions, Lookups, Field Aliases Lookups, Field Aliases, Field Extractions | • B. Field Extractions, Field Aliases, Lookups |
| In which of the following scenarios is an event type more effective than a saved search? | • C. When the search string needs to be used in future searches. |
| Which command is used only to create a time series visualization? a. _time b. chart c. timechart d. timeseries | c. timechart |
| . Which of the following statements describe field aliases? ) a Field aliases are applied after lookups. b Field aliases are applied before lookups. c Field aliases can be applied to lookups. d The original field is not replaced by the field alias. | b. Field aliases are applied before lookups. c. Field aliases can be applied to lookups. d. The original field is not replaced by the field alias. |
| . What action type is used when creating a POST workflow action? a. Web b. Link c. HTTP d. HTTPS | b. Link |
Created by:
rruiz57