which of the following are valid options with the chart command

• A.usenull
• B.fillfield
• C.usefiled
• D.useother

Comment: *

Name: *

Email: *

Verification: *

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

• A.Index-main | transaction sessionid | search REJECT
• B.Index-main | REJECT trans sessionid
• C.Index=main | transaction sessionid | whose transaction=reject
• D.Index=main | transaction sessionid | where transaction=reject''

Comment: *

Name: *

Email: *

Verification: *

Splunk alerts can be based on search that run______. (Select all that apply.)

• A.and have no matching events
• B.in real-time
• C.on a regular schedule

Comment: *

Name: *

Email: *

Verification: *

A user wants to convert numeric field values to strings and also to sort on those values.
Which command should be used first, the eval or the sort?

• A.Convert the numeric to a string with eval first, then sort.
• B.It doesn't matter whether eval or sort is used first.
• C.You cannot use the sort command and the eval command on the same field.
• D.Use sort first, then convert the numeric to a string with eval.

Comment: *

Name: *

Email: *

Verification: *

Which of the following searches would return a report of sales by product-name?

• A.chart sales by product_name
• B.chart sum(price) as sales by product_name
• C.stats sum(price) as sales over product_name
• D.timechart list(sales), values(product_name)

Comment: *

Name: *

Email: *

Verification: *