Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1002 All Questions

View all questions & answers for the SPLK-1002 exam
Go to Exam

Exam SPLK-1002 topic 1 question 59 discussion

Actual exam question from Splunk's SPLK-1002
Question #: 59
Topic #: 1
[All SPLK-1002 Questions]

Which of the following statements describes field aliases?

  • A. Field alias names replace the original field name.
  • B. Field aliases can be used in lookup file definitions.
  • C. Field aliases only normalize data across sources and sourcetypes.
  • D. Field alias names are not case sensitive when used as part of a search.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by oksey at Aug. 31, 2020, 3:53 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
oksey
Highly Voted 4 years, 2 months ago
Field aliases can be used in lookup file definitions B
upvoted 12 times
Glat
3 years, 11 months ago
Yes it's B See p187 in F2
upvoted 4 times
8b5c1e8
2 days, 21 hours ago
What is the PDF F2 and where to find it?
upvoted 1 times
...
...
...
qawasmih
Most Recent 3 months, 2 weeks ago
Selected Answer: C
Field aliases help to normalize data
upvoted 1 times
...
Harrysa
1 year, 7 months ago
Cannot be C as it says (only) answer is B lookups
upvoted 1 times
...
marda
2 years, 9 months ago
Selected Answer: B
B - P187
upvoted 3 times
...
ComeUp
2 years, 10 months ago
B is the correct answer
upvoted 2 times
ComeUp
2 years, 10 months ago
Pg 181 in Splunk Fundamental 2
upvoted 1 times
...
...
gcalcaterra
3 years, 11 months ago
Well, even though in the PDF says that "Can apply field aliases to lookups" in page 181, in here [1] says "Splunk software applies field aliases to a search after it performs key-value field extraction, but before it processes calculated fields, lookups, event types, and tags. This means that you can create aliases for fields that are extracted at index time or search time, but you cannot create aliases for calculated fields, event types, tags, or fields that are added to your events by a lookup." [1] https://docs.splunk.com/Documentation/Splunk/8.1.0/Knowledge/Addaliasestofields
upvoted 1 times
gcalcaterra
3 years, 11 months ago
So, I go for C in this case, as it makes more sense to me for the order of execution of the operations, first aliases then lookups. https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Searchtimeoperationssequence
upvoted 3 times
some_thing
3 years, 5 months ago
C is not correct because it say ONLY source and sourcetype, while it is host, source or sourcetype. p181
upvoted 2 times
...
...
SpTester
3 years, 10 months ago
Yes your statement is absolutely correct. But take a moment to think on it. That says that you can create Lookups based on Aliases because Aliases are created first at searchtime. But you cannot Create aliases out of results of a lookup what is meant in "fields that are added to your events by a lookup" . So answer is B.
upvoted 3 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel