Which of the following statements describes the use of the Field Extractor (FX)?
A. Fields extracted using the Field Extractor do not persist and must be defined for each search.
B. The Field Extractor automatically extracts all fields at search time.
C. Fields extracted using the Field Extractor persist as knowledge objects.
D. The Field Extractor uses PERL to extract fields from the raw events.
Correct answer: C
Question 2:
Which of the following search modes automatically returns all extracted fields in the fields sidebar?
A. Fast
B. Verbose
C. Smart
Correct answer: B
Question 3:
Based on the macro definition shown below, what is the correct way to execute the macro in a search string?
A. Convert_sales ($euro,$€$,s79$
B. Convert_sales (euro, €, .79)
C. Convert_sales ($euro, $€$,S,79$)
D. Convert_sales (euro, €, 79)"
Correct answer: B
Question 4:
Which of the following statements describes POST workflow actions?
A. POST workflow actions cannot use field values in their URI.
B. POST workflow actions cannot be created on custom sourcetypes.
C. POST workflow actions are always encrypted.
D. POST workflow actions can open a web page in either the same window or a new window.
Correct answer: D
Question 5:
A user runs the following search:
index=X sourcetype=Y | chart count(domain) as count, sum(price) as sum by product, action usenull=f useother=f
Which of the following table headers match the order this command creates?
A. Count: product, sum: product, count: action, sum: action
B. Product, count: addtocart, count: remove, count: purchase, sum: addtocart, sum: remove, sum: purchase
C. The chart command does not allow for multiple statistical functions.
D. Product, sum: addtocart, sum: remove, sum: purchase, count: addtocart, count: remove, count: purchase
Correct answer: B
Question 6:
In the following eval statement, what is the value of description if the status is 503? index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")
A. The description field would contain no value.
B. The description field would contain the value "Internal Server Error".
C. The description field would contain the value 0.
D. This statement would produce an error in Splunk because it is incomplete.
Correct answer: A
ア*ミ -
It covers 100% of the exam scope. Pass4Test's SPLK-1002 is the best. I recommended it to my friends too.