In the Field Extractor Utility, this button will display events that do not contain extracted fields.
Select your answer.

• A.Selected-Fields
• B.Non-Matches
• C.Non-Extractions
• D.Matches

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements describes macros?

• A.A macro is a reusable search string that must contain the full search.
• B.A macro is a reusable search string that must have a fixed time range.
• C.A macro Is a reusable search string that may have a flexible time range.
• D.A macro Is a reusable search string that must contain only a portion of the search.

Comment: *

Name: *

Email: *

Verification: *

Which is not a comparison operator in Splunk

• A.<=
• B.=
• C.!=
• D.>
• E.?=

Comment: *

Name: *

Email: *

Verification: *

Clicking a SEGMENT on a chart, ________.

• A.adds the highlighted value to the search criteria
• B.highlights the field value across the chart
• C.drills down for that value

Comment: *

Name: *

Email: *

Verification: *

In the following eval statement, what is the value of description if the status is 503? index=main | eval description=case(status==200, "OK", status==404, "Not found", status==500, "Internal Server Error")

• A.The description field would contain no value.
• B.The description field would contain the value 0.
• C.The description field would contain the value "Internal Server Error".
• D.This statement would produce an error in Splunk because it is incomplete.

Comment: *

Name: *

Email: *

Verification: *