SPLK-1002 無料問題集「Splunk Core Certified Power User」

（A）... | fillnull value=0 field1 | fillnull field2

（B）... | fillnull values=(0,"NO-VALUE") fields=(field1,field2)

（C）There is no equivalent expression using fillnull

（D）... | fillnull field1 | fillnull value="NO-VALUE" field2

（A）status field

（B）Data model dataset name.

（C）Multiple indexes

（D）Data model field name.

（A）Transaction datasets

（B）Events datasets

（C）Any child of event, transaction, and search datasets

（D）Search datasets

（A）transactions

（B）a list of events

（C）statistical values

（A）Unlimited

（B）1h

（C）1d

（D）1m

（A）sourcetype=access_* | maximum totals by bytes

（B）sourcetype=access_* | max(bytes)

（C）sourcetype=access_* | avg (bytes)

（D）sourcetype=access_* | stats max(bytes)

（A）You cannot use the sort command and the eval command on the same field.

（B）Convert the numeric to a string with eval first, then sort.

（C）Use sort first, then convert the numeric to a string with eval.

（D）It doesn't matter whether eval or sort is used first.

（A）Field extractions

（B）Lookups

（C）Workflow actions

（D）Macros

（A）top values by time

（B）rare values

（C）events with this field

（D）top values

（A）| chart count over vendor_action, user

（B）| chart count by vendor_action over user

（C）| chart count over user by vendor_action

（D）| chart count by vendor_action, user

（A）appendcols

（B）append

（C）update

（D）subsearch

（A）Searches generated by workflow action run with the same permissions as the user running them.

（B）Searches generated by workflow action must run in the same app as the workflow action.

（C）Searches generated by workflow actions must be less than 256 characters long.

（D）Searches generated by workflow action cannot use macros.

（A）Reusable pieces of search processing language.

（B）Lookup definitions in lookup tables.

（C）A method to normalize fields.

（D）Categories of search results.

（A）A macro is a way to associate an additional (new) name with an existing field name.

（B）A macro is a knowledge object that enables you to schedule searches for specific events.

（C）A macro is a portion of a search that can be reused in multiple place

（D）A macro is a method of categorizing events based on a search.

（A）Users must use SPL to find events in a Pivot.

（B）Users can save reports from Pivot.

（C）Users cannot share visualizations created with Pivot.

（D）Users cannot create visualizations with Pivot.

（A）Output fields for a lookup

（B）Tags

（C）Fields generated from a search string

（D）Extracted fields

（A）Turned on

（B）Turned off

（C）Determined automatically based on the sourcetype.

（D）Determined automatically based on the data source.

（A）The tag field.

（B）An alias of a field.

（C）A field added by an automatic lookup.

（D）The eventtype field.