Free SPLK-1004 Sample Questions — Splunk Core Certified Advanced Power User

Which of the following are potential string results returned by the typeof function?

• A. True, False, Unknown
• B. Number, String, Bool
• C. Number, String, Null
• D. Field, Value, Lookup

What capability does a power user need to create a Log Event alert action?

• A. edit_search_server
• B. edit_udp
• C. edit_tcp
• D. edit_alerts

What file types does Splunk use to define geospatial lookups?

• A. GPX or GML files
• B. TXT files
• C. KMZ or KML files
• D. CSV files

What is an example of the simple XML syntax for a base search and its post-process search?

• A. <search id="myBaseSearch">, <search base="myBaseSearch">
• B. <search globalsearch="myBaseSearch">, <search globalsearch>
• C. <panel id="myBaseSearch">, <panel base="myBaseSearch">
• D. <search id="myGlobalSearch">, <search base="myBaseSearch">

How can the Inspect button be disabled on a dashboard panel?

• A. Set inspect.link.disabled to 1
• B. Set link.inspect.visible to 0
• C. Set link.inspect.Search.visible to 0
• D. Set link.search.disabled to 1

What type of drilldown passes a value from a user click into another dashboard or external page?

• A. Visualization
• B. Event
• C. Dynamic
• D. Contextual

What is the value of base lispy in the Search Job Inspector for the search index=sales clientip=170.192.178.10?

• A. [ index::sales 192 AND 10 AND 178 AND 170 ]
• B. [ index::sales AND 469 10 702 390 ]
• C. [ 192 AND 10 AND 178 AND 170 index::sales ]
• D. [ AND 10 170 178 192 index::sales ]

How is regex passed to the makemv command?

• A. makemv must be preceded by the erex command
• B. It is specified by the delim argument
• C. It is specified by the tokenizer argument
• D. makemv must be preceded by the rex command

Where does the output of an append command appear in the search results?

• A. Added as a column to the right of the search results
• B. Added as a column to the left of the search results
• C. Added to the beginning of the search results
• D. Added to the end of the search results

Which of the following is not a common default time field?

• A. date_zone
• B. date_minute
• C. date_year
• D. date_day

Where can wildcards be used in the tstats command?

• A. No wildcards can be used with tstats
• B. In the where clause
• C. In the from clause
• D. In the by clause

Which of the following functions' primary purpose is to convert epoch time to a string format?

• A. tostring
• B. strptime
• C. tonumber
• D. strftime

Which of the following best describes the process for tokenizing event data?

• A. The event data is broken up by values in the punct field
• B. The event data is broken up by major breakers and then broken up further by minor breakers
• C. The event data is broken up by a series of user-defined regex patterns
• D. The event data has all punctuation stripped out and is then space delimited

Which syntax is used when referencing multiple CSS files in a view?

• A. <dashboard stylesheet="custom.css, userapps.css">
• B. <dashboard style="custom.css, userapps.css">
• C. <dashboard stylesheet=custom.css stylesheet=userapps.css>
• D. <dashboard stylesheet="custom.css | userapps.css">

Which statement about tsidx files is accurate?

• A. Splunk updates tsidx files every 30 minutes
• B. Splunk removes outdated tsidx files every 5 minutes
• C. tsidx file consists of a lexicon and a posting list
• D. Each bucket in each index may contain only one tsidx file