Free Splunk Core Certified Advanced Power User Exam SPLK-1004 Exam Practice Test

How can the erex and rex commands be used in conjunction to extract fields?

• The regex generated by the erex command can be edited and used with the rex command in a subsequent search.
• The regex generated by the rex command can be edited and used with the erex command in a subsequent search.
• The regex generated by the erex command can be edited and used with the erex command in a subsequent search.
• The erex and rex commands cannot be used in conjunction under any circumstances.

What is the recommended way to create a field extraction that is both persistent and precise?

• Use the rex command.
• Use the Field Extractor and manually edit the generated regular expression.
• Use the Field Extractor and let it automatically generate a regular expression.
• Use the erex command.

If a search contains a subsearch, what is the order of execution?

• The order of execution depends on whether either search uses a stats command.
• The inner search executes first.
• The outer search executes first.
• The two searches are executed in parallel.

Which stats function is used to return a sorted list of unique field values?

• values
• sum
• count
• list

Which predefined drilldown token passes a clicked value from a table row?

• $rowclick.$
• $tableclick.$
• $row.$
• $table.$

Which of the following are potential string results returned by the typeof function?

• True, False, Unknown
• Number, String, Bool
• Number, String, Null
• Field, Value, Lookup

How is a cascading input used?

• As part of a dashboard, but not in a form.
• Without notation in the underlying XML.
• As a way to filter other input selections.
• As a default way to delete a user role.

A report named "Linux logins" populates a summary index with the search string sourcetype=linux_secure | sitop src_ip user. Which of the following correctly searches against the summary index for this data?

• index=summary sourcetype="linux_secure" | top src_ip user
• index=summary search_name="Linux logins" | top src_ip user
• index=summary search_name="Linux logins" | stats count by src_ip user
• index=summary sourcetype="linux_secure" | stats count by src_ip user

If a nested macro expands to a search string that begins with a generating command, what additional syntax is needed?

• Double tick marks around the nested macro.
• A comma before the nested macro.
• Square brackets around the nested macro.
• A pipe character before the nested macro.

Which of the following is an event handler action?

• Run an eval statement based on a user clicking a value on a form.
• Set a token to select a value from the time range picker.
• Pass a token from a drilldown to modify index settings.
• Cancel all jobs based on the number of search job results captured.