What does the fillnull command replace null values with, if the value argument is not specified?
A. 0
B. N/A
C. NaN
Correct Answer: A
Reference: https://answers.splunk.com/answers/653427/fillnull-doesnt-work-without-specfying-a-field.html

Which statement is true?
A. Pivot is used for creating datasets.
B. Data models are randomly structured datasets.
C. Pivot is used for creating reports and dashboards.
D. In most cases, each Splunk user will create their own data model.
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Pivot/IntroductiontoPivot

Which workflow uses field values to perform a secondary search?
B. Action
C. Search
D. Sub-search
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/CreateworkflowactionsinSplunkWeb

Which of the following searches would return a report of sales by product_name?
A. chart sales by product_name
B. chart sum(price) as sales by product_name
C. stats sum(price) as sales over product_name
D. timechart list(sales), values(product_name)
Correct Answer: C
Reference: http://hilllaneconsulting.co.uk/blog/?p=640

Which of the following actions can the eval command perform?
A. Remove fields from results.
B. Create or replace an existing field.
C. Group transactions by one or more fields.
D. Save SPL commands to be reused in other searches.
Correct Answer: A

Which of the following is the correct way to use the datamodel command to search fields in the Web data model within
the Web dataset?
A. | datamodel Web Web search | fields Web*
B. | search datamodel Web Web | fields Web*
C. | datamodel Web Web fields | search Web*
D. datamodel=Web | search Web | fields Web*
Correct Answer: B

In what order are the following knowledge objects/configurations applied?
A. Field Aliases, Field Extractions, Lookups
B. Field Extractions, Field Aliases, Lookups
C. Field Extractions, Lookups, Field Aliases
D. Lookups, Field Aliases, Field Extractions
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/WhatisSplunkknowledge

Given the macro definition below, what should be entered into the Name and Arguments fields to correctly configure the

Cert4sure sklk-1002 exam questions-q8

A. The macro name is sessiontracker and the arguments are action, JESSIONID.
B. The macro name is sessiontracker(2) and the arguments are action, JESSIONID.
C. The macro name is sessiontracker and the arguments are $action$, $JESSIONID$.
D. The macro name is sessiontracker(2) and the Arguments are $action$, $JESSIONID$.
Correct Answer: B
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Definesearchmacros

By default, how is acceleration configured in the Splunk Common Information Model (CIM) add-on?
A. Turned off.
B. Turned on.
C. Determined automatically based on the sourcetype.
D. Determined automatically based on the data source.
Correct Answer: D

Where are the results of eval commands stored?
A. In a field.
B. In an index.
C. In a KV Store.
D. In a database.
Correct Answer: A
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Eval

Which of the following statements would help a user choose between the transaction and stars commands?
A. stats can only group events using IP addresses.
B. The transaction command is faster and more efficient.
C. There is a 1000 event limitation with the transaction command.
D. Use stats when the events need to be viewed as a single correlated event.
Correct Answer: C
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Transaction

Which of the following statements describe the Common Information Model (CIM)? (Choose all that apply.)
A. CIM is a methodology for normalizing data.
B. CIM can correlate data from different sources.
C. The Knowledge Manager uses the CIM to create knowledge objects.
D. CIM is an app that can coexist with other apps on a single Splunk deployment.
Correct Answer: AB
Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview

When using the Field Extractor (FX), which of the following delimiters will work? (Choose all that apply.)
A. Tabs
B. Pipes
C. Colons
D. Spaces
Correct Answer: BD
Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep

