A.  

B.  

C.  

D.  

A.  

Use the rex command.

B.  

Use the Field Extractor and manually edit the generated regular expression.

C.  

Use the Field Extractor and let it automatically generate a regular expression.

D.  

Use the erex command.

A.  

[ index::sales 192 AND 10 AMD 178 AND 170 ]

B.  

[ index::sales AND 469 10 702 390 ]

C.  

[ 192 AND 10 AND 178 AND 170 Index::sales ]

D.  

[ AND 10 170 178 192 Index::sales ]

A.  

Run an eval statement based on a user clicking a value on a form.

B.  

Set a token to select a value from the time range picker.

C.  

Pass a token from a drilldown to modify index settings.

D.  

Cancel all jobs based on the number of search job results captured.

A.  

values

B.  

sum

C.  

count

D.  

list

A.  

NOT [inputlookup baditems.csv]

B.  

NOT (lookup baditems.csv OUTPUT item)

C.  

WHERE item NOT IN (baditems.csv)

D.  

[NOT inputlookup baditems.csv]

A.  

GPX or GML files

B.  

TXT files

C.  

KMZ or KML files

D.  

CSV files

A.  

. . . | makemv delim{product, “,”}

B.  

. . . | eval mvexpand{makemv{product, “,”})

C.  

. . . | mvexpand product

D.  

. . . | makemv delim=”,” product

A.  

mvcombine

B.  

eval

C.  

makemv

D.  

list

A.  

stats, target, set, and unset

B.  

stats, target, change, and clear

C.  

eval, link, change, and clear

D.  

eval, link, set, and unset

A.  

Use complex expressions rather than simple ones.

B.  

Avoid backtracking.

C.  

Use greedy operators (. *) instead of non-greedy operators (. *? ).

D.  

Use * rather than +.

A.  

Use the lookup dropdown in the alert configuration window.

B.  

Follow a lookup with an alert command in the search bar.

C.  

Run a search that uses a lookup and save as an alert.

D.  

Upload a lookup file directly to the alert.

A.  

Run the | previous_searches command to troubleshoot your SPL queries.

B.  

Go to the Troubleshooting dashboard of me Searching and Reporting app.

C.  

Delete the dashboard and start over.

D.  

Create an HTML panel using tokens to verify that they are being set.

A.  

Indexer

B.  

Search head

C.  

Universal forwarder

D.  

Master node

A.  

untable and/or xyseries

B.  

stats and/or eval

C.  

mvexpand and/or where

D.  

bin and/or where

A.  

True, False, Unknown

B.  

Number, Siring, Bool

C.  

Number, String, Null

D.  

Field, Value, Lookup

A.  

date_zone

B.  

date minute

C.  

date_year

D.  

date_day

A.  

Double tick marks around the nested macro.

B.  

A comma before the nested macro.

C.  

Square brackets around the nested macro.

D.  

A pipe character before the nested macro.

A.  

B.  

C.  

D.  

A.  

They can be reset by an event handler.

B.  

The final input has no impact on previous inputs.

C.  

Only the final input of the sequence can supply a token to searches.

D.  

Inputs added to panels can not participate.

A.  

It is used with a subsearch and only accesses real-lime searches.

B.  

It is used with a subsearch and oily accesses historical data.

C.  

It cannot be used with a subsearch and only accesses historical data.

D.  

It cannot be used with a subsearch and only accesses real-time searches.