Busy. Please wait.

Don't have an account? Sign up

taken

Age:

12 or younger
13 or older

Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password

Enter the email address associated with your account, and we'll email you a link to reset your password.

Upgrade to remove ads

Stack #4078237

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Created by: rruiz57

Question	Answer
Which of the following accurately describes data models? Select all that apply.	• A knowledge object that applies information structure to raw data • Can be used by the Pivot interface to generate reports and dashboard panels • Must contain at least one of each dataset: Events, Searches, and Transactions
To add a Root Event Dataset, what field is required to be manually added? Duration maxpause maxspan Dataset Name Dataset ID	Dataset Name
When adding fields to a dataset, which of the following creates a new field based on an expression that you define? Auto-Extracted Lookup Geo IP Eval Expression	Eval Expression
By default, the sort command lists results in __________ order. ascending descending	ascending
Which of the following do all event datasets contain? Select all that apply. • Constraints • Children • Fields • Purchases	• Constraints • Children • Fields
Information needed to create a GET workflow action includes which of the following? (Choose all that apply.)	• A name for the workflow action. • A URI where the user will be directed at search time. • A label that will appear in the Event Action menu at search time
Which of the following can be used with the eval command tostring function? "hex" "commas" "decimal" "duration"	• A. "hex" • B. "commas" • D. "duration"
Which of the following searches show a valid use of a macro?	• index=main source=mySource oldField=* \|'makeMyField(oldField)'\| table _time newField • index=main source=mySource oldField=* \| stats if('makeMyField(oldField)') \| table _time newField
A user wants to convert numeric field values to strings and also to sort on those values.	• B. Convert the numeric to a string with eval first, then sort.
Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags? • A. Macros • B. Lookups • C. Workflow actions • D. Field extractions	• B. Lookups • D. Field extractions
Which of the following statements describe data model acceleration?	• Accelerated data models cannot be edited. • Private data models cannot be accelerated. • You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model.
How does a user display a chart in stack mode? • A. By using the stack command. • B. By turning on the Use Trellis Layout option. • C. By changing Stack Mode in the Format menu. •D. You cannot display a chart in stack mode, only a timechart.	• C. By changing Stack Mode in the Format menu.
If no value is specified with the fillnull command, what default value will be used? • A. 0 • B. N/A • C. ג€" • D. NULL	0
What will produce exactly the same results as \| chart count over vendor_action by user? \| chart count by vendor_action, user \| chart count over vendor_action, user \| chart count by vendor_action over user \| chart count over user by vendor_action	• \| chart count by vendor_action, user
What are the two parts of a root event dataset? • A. Fields and variables. • B. Fields and attributes. • C. Constraints and fields. • D. Constraints and lookups.	C. Constraints and fields.
When using timechart, how many fields can be listed after a by clause?	1, because _time is already implied as the x-axis.
A field alias has been created based on an original field. A search without any transforming commands is then executed in Smart Mode. Which field name appears in the results?	Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.
Which of the following statements describes macros?	• C. A macro is a reusable search string that may have a flexible time range.
In what order are the following knowledge objects/configurations applied? Field Aliases, Field Extractions, Lookups Field Extractions, Field Aliases, Lookups Field Extractions, Lookups, Field Aliases Lookups, Field Aliases, Field Extractions	• B. Field Extractions, Field Aliases, Lookups
In which of the following scenarios is an event type more effective than a saved search?	• C. When the search string needs to be used in future searches.
Which command is used only to create a time series visualization? a. _time b. chart c. timechart d. timeseries	c. timechart
. Which of the following statements describe field aliases? ) a Field aliases are applied after lookups. b Field aliases are applied before lookups. c Field aliases can be applied to lookups. d The original field is not replaced by the field alias.	b. Field aliases are applied before lookups. c. Field aliases can be applied to lookups. d. The original field is not replaced by the field alias.
. What action type is used when creating a POST workflow action? a. Web b. Link c. HTTP d. HTTPS	b. Link