Most Recent Splunk SPLK-1002 Exam Questions & Answers

The fields sidebar is a panel that shows the fields that are present in your search results2.The fields sidebar does not show all extracted fields, which are fields that are extracted from your raw data using various methods such as regular expressions, delimiters or key-value pairs2.The fields sidebar only shows selected fields and interesting fields2.Selected fields are fields that you choose to display in your search results by clicking on them in the fields sidebar or by using the fields command2.Interesting fields are fields that appear in at least 20 percent of events or have high variability among values2. Therefore, option C is correct, while options A and B are incorrect because they are types of fields that the fields sidebar does show.

https://docs.splunk.com/Documentation/Splunk/8.0.2/Knowledge/SetupaGETworkflowaction

Define a GET workflow action

Steps

Navigate toSettings > Fields > Workflow Actions.

ClickNewto open up a new workflow action form.

Define aLabelfor the action.

TheLabelfield enables you to define the text that is displayed in either the field or event workflow menu. Labels can be static or include the value of relevant fields.

Determine whether the workflow action applies to specific fields or event types in your data.

UseApply only to the following fieldsto identify one or more fields. When you identify fields, the workflow action only appears for events that have those fields, either in their event menu or field menus. If you leave it blank or enter an asterisk the action appears in menus for all fields.

UseApply only to the following event typesto identify one or more event types. If you identify an event type, the workflow action only appears in the event menus for events that belong to the event type.

ForShow action indetermine whether you want the action to appear in theEvent menu, theFields menus, orBoth.

SetAction typetolink.

InURIprovide a URI for the location of the external resource that you want to send your field values to.

Similar to theLabelsetting, when you declare the value of a field, you use the name of the field enclosed by dollar signs.

Variables passed in GET actions via URIs are automaticallyURL encodedduring transmission. This means you can include values that have spaces between words or punctuation characters.

UnderOpen link in, determine whether the workflow action displays in the current window or if it opens the link in a new window.

Set theLink methodtoget.

ClickSaveto save your workflow action definition.

The regular expression mode of Field Extractor (FX) should be used for data with multiple, different characters separating fields or for unstructured dat

a. The regular expression mode allows you to select a sample event and highlight the fields that you want to extract, and the field extractor generates a regular expression that matches similar events and extracts the fields from them. Reference SeeBuild field extractions with the field extractor - Splunk DocumentationandField Extractor: Select Method step - Splunk Documentation.

Arguments are defined within the macro search string by using dollar signs on either side of the argument name, such as arg1 or fragment.

Reference

Search macro examples

Define search macros in Settings

Use search macros in searches