Splunk Core Certified Power User Sample Questions

Advanced Sample Questions

Which of the following commands is used to limit search results to a specific field value?

  • a. eval
  • b. stats
  • c. where
  • d. fields

Answer: c. where

Explanation: The “where” command is used to limit search results to a specific field value.

Which of the following commands is used to calculate the average of a numerical field?

  • a. avg
  • b. sum
  • c. count
  • d. stats

Answer: a. avg

Explanation: The “avg” command is used to calculate the average of a numerical field.

Which of the following commands is used to remove duplicate values from search results?

  • a. dedup
  • b. distinct
  • c. unique
  • d. filter

Answer: a. dedup

Explanation: The “dedup” command is used to remove duplicate values from search results.

Which of the following commands is used to sort search results based on a specific field?

  • a. sort
  • b. order
  • c. rank
  • d. arrange

Answer: a. sort

Explanation: The “sort” command is used to sort search results based on a specific field.

Which of the following commands is used to calculate the standard deviation of a numerical field?

  • a. stddev
  • b. variance
  • c. median
  • d. range

Answer: a. stddev

Explanation: The “stddev” command is used to calculate the standard deviation of a numerical field.

Which of the following is a key feature of Splunk dashboards?

  • a. Real-time data visualization
  • b. Machine learning algorithms
  • c. Database integration
  • d. File storage management

Answer: a. Real-time data visualization

Explanation: Real-time data visualization is a key feature of Splunk dashboards.

Which of the following is a key feature of Splunk alerting?

  • a. Scheduled report generation
  • b. Automated email notifications
  • c. Custom chart creation
  • d. Data modeling and normalization

Answer: b. Automated email notifications

Explanation: Automated email notifications are a key feature of Splunk alerting.

Which of the following is a key feature of Splunk lookup tables?

  • a. Ability to join tables from different data sources
  • b. Machine learning algorithms
  • c. Real-time data visualization
  • d. Data modeling and normalization

Answer: a. Ability to join tables from different data sources

Explanation: The ability to join tables from different data sources is a key feature of Splunk lookup tables.

Which of the following is a key feature of Splunk data models?

  • a. Ability to create custom fields
  • b. Real-time data visualization
  • c. Database integration
  • d. Data normalization and summarization

Answer: d. Data normalization and summarization

Explanation: Data normalization and summarization is a key feature of Splunk data models.

Which of the following is a key feature of Splunk search commands?

  • a. Machine learning algorithms
  • b. Custom report creation
  • c. Real-time data visualization
  • d. Ability to extract fields and calculate statistics

Answer: d. Ability to extract fields and calculate statistics

Explanation: The ability to extract fields and calculate statistics is a key feature of Splunk search commands.

Basic Sample Questions

Question 1 – Which of the given statements best describes the use of the Field Extractor (FX)?

  • A. The Field Extractor automatically extracts all fields at search time.
  • B. The Field Extractor uses PERL to extract fields from the raw events.
  • C. Fields extracted using the Field Extractor persist as knowledge objects.
  • D. Fields extracted using the Field Extractor do not persist and must be defined for each search.

Correct Answer: C

Question 2 – Which of the following will return a report of sales by product_name?

  • A. chart sales by product_name
  • B. chart sum(price) as sales by product_name
  • C. stats sum(price) as sales over product_name
  • D. timechart list(sales), values(product_name)

Correct Answer: C

Reference: http://hilllaneconsulting.co.uk/blog/?p=640

Question 3 – In the Splunk Common Information Model (CIM) add-on, which of the following data models are included? (Choose all that apply.)

  • A. Alerts
  • B. Email
  • C. Databases
  • D. User permissions

Correct Answer: ABC

Reference: https://docs.splunk.com/Documentation/CIM/4.15.0/User/Overview

Question 4 – Which of the following is a limitation of searches generated by workflow actions?

  • A. Searches generated by workflow actions cannot use macros.
  • B. Searches generated by workflow actions must be less than 256 characters long.
  • C. Searches generated by workflow actions must run in the same app as the workflow action.
  • D. Searches generated by workflow actions run with the same permissions as the user running them.

Correct Answer: D

Question 5 – Which one of the given statements is correct regarding the search command?

  • A. It does not allow the use of wildcards.
  • B. It treats field values in a case-sensitive manner.
  • C. It can only be used at the beginning of the search pipeline.
  • D. It behaves exactly like search strings before the first pipe.

Correct Answer: D

Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Search/Usethesearchcommand

Question 6 – What does the transaction command do?

  • A. Grouping a set of transactions based on time.
  • B. Creating a single event from a group of events.
  • C. Separating two events based on one or more values.
  • D. Returning the number of credit card transactions found in the event logs.

Correct Answer: B

Question 7 – Which of the following describes the relationship between data models and pivots?

  • A. Data models provide the datasets for pivots.
  • B. Pivots and data models have no relationship.
  • C. Pivots and data models are the same things.
  • D. Pivots provide the datasets for data models.

Correct Answer: A

Question 8 – What is the most accurate description of the actions performed by Search workflow actions?

  • A. By default, Search workflow actions will run as a real-time search.
  • B. Search workflow actions can be configured as scheduled searches.
  • C. The user can define the time range of the search when creating the workflow action.
  • D. Search workflow actions cannot be configured with a search string that includes the transaction command.

Correct Answer: C

Question 9 – Which of the given commands support the same set of functions?

  • A. stats, eval, table
  • B. search, where, eval
  • C. stats, chart, timechart
  • D. transaction, chart, timechart

Correct Answer: C

Question 10 – Using the eval command, you can perform which of the following? (Choose all that apply.)

  • A. Format values
  • B. Convert values
  • C. Perform calculations
  • D. Use conditional statements

Correct Answer: ABCD

Question 11 – With the timechart command, how can a user categorize events according to time?

  • A. Using the span argument.
  • B. Using the duration argument.
  • C. Using the interval argument.
  • D. Adjusting the fieldformat options.

Correct Answer: A

Question 12 – Which of the given statements regarding the data models and pivot are correct? (Choose all that apply.)

  • A. They are both knowledge objects.
  • B. Data models are created out of datasets called pivots.
  • C. Pivot requires users to input SPL searches on data models.
  • D. Pivot allows the creation of data visualizations that present different aspects of a data model.

Correct Answer: BD

Question 13 – Data model fields can be added using the Auto-Extracted method. Which of the given statements most accurately describes Auto-Extracted fields? (Choose all that apply.)

  • A. Auto-Extracted fields can be hidden in Pivot.
  • B. Auto-Extracted fields can have their data type changed.
  • C. Auto-Extracted fields can be given a friendly name for use in Pivot.
  • D. Auto-Extracted fields can be added if they already exist in the dataset with constraints.

Correct Answer: B

Question 14 – Which type of visualization correctly highlights the relationships between discrete values in three dimensions?

  • A. Pie chart
  • B. Line chart
  • C. Bubble chart
  • D. Scatter chart

Correct Answer: D

Question 15 – In Splunk, what is the function of the Common Information Model (CIM)?

  • A. Normalizing data across a Splunk deployment.
  • B. Providing templates for reports and dashboards.
  • C. Algorithmically shifting events to other indexes.
  • D. Reingesting previously indexed data with new field names.

Correct Answer: A

Reference: https://docs.splunk.com/Documentation/CIM/4.18.0/User/Overview

Question 16 – What are some of the actions that can be performed by the eval command?

  • A. Removing fields from results.
  • B. Creating or replacing an existing field.
  • C. Grouping transactions by one or more fields.
  • D. Saving SPL commands to be reused in other searches.

Correct Answer: B

Question 17 – What are the conditions for following a macro with a pipe?

  • A. A pipe may always follow a macro.
  • B. The current user must own the macro.
  • C. The macro must be defined in the current app.
  • D. Only when sharing is set to global for the macro.

Correct Answer: A

Question 18 – The data model is composed of which dataset or datasets? (Choose all that apply.)

  • A. Events datasets
  • B. Search datasets
  • C. Transaction datasets
  • D. Any child of event, transaction, and search datasets

Correct Answer: ABC

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels

Question 19 – What is the best delimiter to use with the Field Extractor (FX)? (Choose all that apply.)

  • A. Tabs
  • B. Pipes
  • C. Colons
  • D. Spaces

Correct Answer: BD

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/FXSelectMethodstep

Question 20 – A single event can be assigned multiple types with different colors, but what determines the color displayed for that event?

  • A. Rank
  • B. Weight
  • C. Priority
  • D. Precedence

Correct Answer: C

Reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/Knowledge/Defineeventtypes