SPLK-1002 Practice Test

After manually editing; a regular expression (regex), which of the following statements is true?

A.

Changes made manually can be reverted in the Field Extractor (FX) UI.

B.

It is no longer possible to edit the field extraction in the Field Extractor (FX) UI.

C.

It is not possible to manually edit a regular expression (regex) that was created using the Field Extractor
(FX) UI.

D.

The Field Extractor (FX) UI keeps its own version of the field extraction in addition to the one that was
manually edited.

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens
when the require option is used?

A.

The regex can no longer be edited.

B.

The field being extracted will be required for all future events.

C.

The events without the required field will not display in searches.

D.

Only events with the required string will be included in the extraction.

Which one of the following statements about the search command is true?

A.

It does not allow the use of wildcards.

B.

It treats field values in a case-sensitive manner.

C.

It can only be used at the beginning of the search pipeline.

D.

It behaves exactly like search strings before the first pipe.

Which of the following searches will return events contains a tag name Privileged?

A.

Tag= Priv

B.

Tag= Priv*

C.

Tag= Priv*

D.

Tag= Privileged

Which of the following eval command function is valid?

A.

Int ()

B.

Count ( )

C.

Print ()

D.

Tostring ()