Splunk SPLK-1002 Actual Questions

The CIM Add-on manual contains the descriptions of the data models that come with the Splunk Common Information Model (CIM) Add-on, as well as how to set up, use, and customize the add-on.

References

CIM Add-on manual

Splunk Common Information Model (CIM) | Splunkbase

Understand and use the Common Information Model Add-on - Splunk

The type of workflow action that sends field values to an external resource (e.g. a ticketing system) is POST. A POST workflow action allows you to send a POST request to a URI location with field values or static values as arguments. For example, you can use a POST workflow action to create a ticket in an external system with information from an event.

The correct answer is C. ‘weekly_sales (3.99, 10)’. This is because search macros accept arguments without quotation marks or dollar signs, and the number of arguments must match the number of parameters defined in the macro. The other options are incorrect because they either use quotation marks or dollar signs around the arguments, or they provide a different number of arguments than the macro expects. You can learn more about how to use search macros in searches from the Splunk documentation1.