- (Exam Topic 1)
What functionality does the Splunk Common Information Model (CIM) rely on to normalize fields with different names?

1. A. Macros.
2. B. Field aliases.
3. C. The rename command.
4. D. CIM does not work with different names for the same field.

Correct Answer: B

- (Exam Topic 1)
Which of the following eval command function is valid?

1. A. Int ()
2. B. Count ( )
3. C. Print ()
4. D. Tostring ()

Correct Answer: D

- (Exam Topic 1)
Data model are composed of one or more of which of the fo-owing datasets? (select all that apply.)

1. A. Events datasets
2. B. Search datasets
3. C. Transaction datasets
4. D. Any child of event, transaction, and search datasets

Correct Answer: ABC

- (Exam Topic 1)
When multiple event types with different color values are assigned to the same event, what determines the color displayed for the events?

1. A. Rank
2. B. Weight
3. C. Priority
4. D. Precedence

Correct Answer: C

- (Exam Topic 1)
Which of the following is the correct way to use the data model command to search field in the data model within the web dataset?

1. A. | datamodel web search | filed web *
2. B. | Search datamodel web web | filed web*
3. C. | datamodel web web field | search web*
4. D. Datamodel=web | search web | filed web*

Correct Answer: A