ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1002 All Questions

View all questions & answers for the SPLK-1002 exam
Go to Exam

Exam SPLK-1002 topic 1 question 83 discussion

Actual exam question from Splunk's SPLK-1002
Question #: 83
Topic #: 1
[All SPLK-1002 Questions]

Which are valid ways to create an event type? (Choose all that apply.)

  • A. By using the searchtypes command in the search bar.
  • B. By editing the event_type stanza in the props.conf file.
  • C. By going to the Settings menu and clicking Event Types > New.
  • D. By selecting an event in search results and clicking Event Actions > Build Event Type.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://docs.splunk.com/Documentation/Splunk/8.1.1/Knowledge/Abouteventtypes
by mimi01 at March 12, 2021, 7:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mimi01
Highly Voted 4 years, 3 months ago
C & D are correct
upvoted 24 times
antukin
4 years, 3 months ago
Not sure about C - not sure if "Settings menu" is the same as "Save As" (p.202) D is correct - (p.203)
upvoted 1 times
...
Shafiqul
4 years, 1 month ago
A. using findtypes could have been a way - X B. Eventypes.conf separate file not props.conf - X C. Possible D. Possible Another way is save as menu .. Answer seems CD
upvoted 9 times
...
...
ismailwale
Most Recent 6 months, 1 week ago
Selected Answer: B
BCD Explanation: A. By using the searchtypes command in the search bar.: This statement is false. There is no searchtypes command in Splunk for creating event types. B. By editing the event_type stanza in the props.conf file.: This statement is true. Event types can be defined directly in the configuration files by editing the props.conf file. C. By going to the Settings menu and clicking Event Types > New.: This statement is true. Users can create a new event type through the Splunk web interface by accessing the settings menu. D. By selecting an event in search results and clicking Event Actions > Build Event Type.: This statement is true. Users can create a new event type directly from the search results by selecting an event and using the event actions menu.
upvoted 2 times
...
NastyNutsu
7 months, 1 week ago
1. Save as > Save as Event Type 2. Event Actions > Build Event Type 3. Setting > Event Types CD are the correct answer
upvoted 1 times
...
StevenBzh
1 year, 8 months ago
C, but also D is valid (check the UI)
upvoted 2 times
...
Dree_Dogg
1 year, 10 months ago
C and D are correct
upvoted 1 times
...
CactiAZ
1 year, 11 months ago
C and D are both ways to create a new event type
upvoted 1 times
...
Mntman77
2 years, 2 months ago
C&D I think: There are two ways to create an event type after we have decided the search criteria. One is to run a search and then save it as an Event Type. Another is to add a new Event Type from the settings tab. We will see both the ways of creating it in this section.
upvoted 1 times
...
Harrysa
2 years, 3 months ago
C and d are the correct answers. You can go into into an event, on the drop down event actions button select - 'Build Event Type'
upvoted 1 times
...
raizen11
2 years, 3 months ago
C & D are correct
upvoted 1 times
...
Ailen_Man
3 years, 2 months ago
answer is ACD
upvoted 2 times
...
RayObbes
3 years, 2 months ago
It's both C & D.
upvoted 1 times
...
KEGOO
3 years, 8 months ago
There are 4 ways to create an event type: 1-Using Search 2-Using Build Event Type Utility 3-Using Splunk Web 4-Configuration files (eventtypes.conf)
upvoted 1 times
...
teems5uk
3 years, 9 months ago
C and D are the right answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel