SPLK-1002 Splunk Core Certified Power User Exam

Exam Description: The Splunk Core Certified Power User exam is the final step towards completion of the Splunk Core Certified Power User certification. This next-level certification exam is a 57-minute,
60-question assessment which evaluates a candidate’s knowledge and skills of field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data
models, and normalizing data with the CIM. Candidates can expect an additional 3 minutes to review the exam agreement, for a total seat time of 60 minutes. Candidates for this certification must complete the
lecture, hands-on labs, and quizzes that are part of the Splunk Fundamentals 2 course in order to be eligible for the certification exam. Splunk Core Certified Power User is a required prerequisite to the
Splunk Enterprise Certified Admin certification track.

This course focuses on searching and reporting commands, as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting
results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data
with the Common Information Model (CIM).

Examkingdom Splunk SPLK-1002 Exam pdf,

MCTS Training, MCITP Trainnig

Best Splunk SPLK-1002 Downloads, Splunk SPLK-1002 Dumps at Certkingdom.com

The following content areas are general guidelines for the content to be included on the exam:
* Transforming commands and visualizations
* Filtering and formatting results
* Correlating events
* Knowledge objects
* Fields (field aliases, field extractions, calculated fields)
* Tags and event types
* Macros
* Workflow actions
* Data models
* Splunk Common Information Model (CIM)

The following topics are general guidelines for the content likely to be included on the exam; however,
other related topics may also appear on any specific delivery of the exam. In order to better reflect the
contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Using Transforming Commands for Visualizations 5%
1.1 Use the chart command
1.2 Use the timechart command

2.0 Filtering and Formatting Results 10%
2.1 The eval command
2.2 Use the search and where commands to filter results
2.3 The fillnull command

3.0 Correlating Events 15%

3.1 Identify transactions
3.2 Group events using fields
3.3 Group events using fields and time
3.4 Search with transactions
3.5 Report on transactions
3.6 Determine when to use transactions vs. stats

4.0 Creating and Managing Fields 10%
4.1 Perform regex field extractions using the Field Extractor (FX)
4.2 Perform delimiter field extractions using the FX

5.0 Creating Field Aliases and Calculated Fields 10%
5.1 Describe, create, and use field aliases
5.2 Describe, create, and use calculated fields

6.0 Creating Tags and Event Types 10%
6.1 Create and use tags
6.2 Describe event types and their uses
6.3 Create an event type

7.0 Creating and Using Macros 10%
7.1 Describe macros
7.2 Create and use a basic macro
7.3 Define arguments and variables for a macro
7.4 Add and use arguments with a macro

8.0 Creating and Using Workflow Actions 10%
8.1 Describe the function of GET, POST, and Search workflow actions
8.2 Create a GET workflow action
8.3 Create a POST workflow action
8.4 Create a Search workflow action

9.0 Creating Data Models 10%
9.1 Describe the relationship between data models and pivot
9.2 Identify data model attributes
9.3 Create a data model

10.0 Using the Common Information Model (CIM) Add-On 10%
10.1 Describe the Splunk CIM
10.2 List the knowledge objects included with the Splunk CIM Add-On
10.3 Use the CIM Add-On to normalize data
 


Sample Questions and Answers

Question: 1
Selected fields are displayed ______each event in the search results.

A. below
B. interesting fields
C. other fields
D. above

Answer: A

Question: 2
Search terms are not case sensitive.

A. True
B. False

Answer: A

Question: 3
These two searches will NOT return the same results. SEARCH 1:login failure SEARCH 2: “login failure”.

A. True
B. False

Answer: A

Question: 4
A space is an implied _____ in a search string.

A. OR
B. AND
C. ()
D. NOT

Answer: B

Question: 5
You can not specify a relative time range, such as 45 seconds ago, for a search.

A. True
B. False

Answer: B


Students Reviews and Discussion

Bandile Ndlela Voted 2 weeks ago
Hello, with the new version released at 20th september, if this update all questions?
upvoted 32 times

AGUIDI MAHAMAT Highly 4 months ago – Chad
95% of the questions are valid. Review the answers. Review discussions of why some answers are inaccurate. This will provide better study and understanding of content.
upvoted 32 times

Mahendrie Dwarika Most Recent 1 week – South Africa
More than 90% of the question on the exam were from here. Thxs Exam Topics
upvoted 5 times

valisetti ravishankar 3 weeks, 2 days ago – USA

Thank you so much for providing excellent study material. I prepared for my 350-501 exam and aced the exam with 950 marks
upvoted 7 times

Dos Santos Daniel 1 month, 1 week ago – Brazil
Passed My Exam on 19th , 91 multiple choice question , 5 new question and 86 question in here.
upvoted 23 times

SPLK-1002 Splunk Core Certified Power User Exam

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top