When using the top command in the following search, which of the following will be true about the results?
index="main" sourcetype="access_*" action="purchase" | top 3 statusCode by user showperc=f countfield=status_code_count

• A.The search will fail. The proper top command format is top limit=3 instead of top 3.
• B.The top three most common values in statusCode will be displayed for each user.
• C.Only the top three overall most common values in statusCode will be displayed.
• D.The percentage field will be displayed in the results.

Comment: *

Name: *

Email: *

Verification: *

When looking at a statistics table, what is one way to drill down to see the underlying events?

• A.Creating a pivot table.
• B.Viewing your report in a dashboard.
• C.Clicking on any field value in the table.
• D.Clicking on the visualizations tab.

Comment: *

Name: *

Email: *

Verification: *

After running a search, what effect does clicking and dragging across the timeline have?

• A.Executes a new search.
• B.Expands the time range of the search.
• C.Moves to past or future events.
• D.Filters current search results.

Comment: *

Name: *

Email: *

Verification: *

How does Splunk determine which fields to extract from data?

• A.Splunk only extracts the most interesting data from the last 24 hours.
• B.Splunk only extracts fields users have manually specified in their data.
• C.Splunk automatically extracts any fields that generate interesting visualizations.
• D.Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.

Comment: *

Name: *

Email: *

Verification: *

Which command is used to validate a lookup file?

• A.| lookup products.csv
• B.inputlookup products.csv
• C.| inputlookup products.csv
• D.| lookup_definition products.csv

Comment: *

Name: *

Email: *

Verification: *