SPLK-1002 Exam Dumps

Explanation: Field aliases in Splunk are alternate names assigned to fields. These can be particularly useful for normalizing data from different sources or simply for making field names more intuitive. Once an alias is created for a field, it can be used across various Splunk knowledge objects, enhancing their flexibility and utility.
A. Calculated fields, lookups, event types, and tags: This is the correct answer. Field aliases can indeed be referenced in calculated fields, lookups, event types, and tags within Splunk. When you create an alias for a field, that alias can then be used in these knowledge objects just like any standard field name.
Calculated fields: These are expressions that can create new field values based on existing data. You can use an alias in a calculated field expression to refer to the original field.
Lookups: These are used to enrich your event data by referencing external data sources. If you've created an alias for a field that matches a field in your lookup table, you can use that alias in your lookup configurations.
Event types: These are classifications for events that meet certain search criteria. You can use field aliases in the search criteria for defining an event type.
Tags: These allow you to assign meaningful labels to data, making it easier to search and report on. You can use field aliases in the search criteria that you tag.

Explanation:
The correct answer is B. Calculated fields can be chained together to create more complex fields.
Calculated fields are fields that are added to events at search time by using eval expressions. They can be used to perform calculations with the values of two or more fields already present in those events. Calculated fields can be defined with Splunk Web or in the props.conf file.They can be used insearches, reports, dashboards, and data models like any other extracted field1.
Calculated fields can also be chained together to create more complex fields. This means that you can use a calculated field as an input for another calculated field. For example, if you have a calculated field namedtotalthat sums up the values of two fields namedpriceandtax, you can use thetotalfield to create another calculated field nameddiscountthat applies a percentage discount to thetotalfield. To do this, you need to define thediscountfield with an eval expression that references thetotalfield, such as:
discount = total * 0.9
This will create a new field named discount that is equal to 90% of thetotalfield value for each event2. 

Explanation: The transaction command allows you to correlate events across multiple sources. The transaction command is a search command that allows you to group events into transactions based on some common characteristics, such as fields, time, or both. A transaction is a group of events that share one or more fields that relate them to each other. A transaction can span across multiple sources or sourcetypes that have different formats or structures of data. The transaction command can help you correlate events across multiple sources by using the common fields as the basis for grouping. The transaction command can also create some additional fields for each transaction, such as duration, eventcount, startime, etc.