SPLUNK 2 Power User Exam 2023 Questions and Answers
Complete
As events come in, Splunk places them into an index's ___________.
hot bucket
What are the only writable buckets?
hot bucket's
As buckets age, they roll from the hot to warm to cold.
True of False?
True
Each bucket has its own raw data, metadata, and index files
True or False?
True
What tracks the source, sourcetype and host information in the index?
Metadata files
When you search, Splunk uses the
time range to choose which buckets to search and then uses the bucket indexes
to find qualifying events.
True or False?
True
Why is time the most efficient filter when searching?
Because events are stored in buckets by time
What are the most powerful keywords after using time as a filter?
Host
Source
Sourcetype
What command can be used to extract (discover) only the fields that you need?
The fields command ( - to remove fields, + to select fields)
What is the correct usage of a wildcard in a search?
Only trailing wildcards make efficient use of the index
Inclusion is generally better than exclusion.
True or False?
True
When do you want to filter in your search?
Early or later?
Filter early in your searches
what is the default search mode in splunk?
smart mode
What are transforming commands used for?
Transforms events into numerical values that you can use for statistical purposes
, what is required to turn search results into visualizations?
Transforming commands
Name the transforming commands:
Top
Rare
Chart
Timechart
Stats
Geostats
Top and rare display how many results by default?
10
Fast mode searches are used to
return only essential and required data
Smart mode searches is designed to
provide you the best results for the search you are running
Verbose mode searches
emphasizes completeness by returning all possible field data.
what can be used to troubleshoot problematic searches
The search job inspector
What can the search job inspector tell you?
How long the search was,
stats of the search,
each stage of the searches time
What are the search job inspectors 3 main components?
Header
Execution costs
Search job properties
all searches can be
visually represented.
True or False?
False
The leftmost column in a statistical search is generally represented as the ___-
axis in a graph
X-axis
What are the 7 chart types?
Line
Area
Column
Bar
Bubble
Scatter
Pie
What chart gives viewers a visual way to see a three dimensional series?
Bubble chart
Complete
As events come in, Splunk places them into an index's ___________.
hot bucket
What are the only writable buckets?
hot bucket's
As buckets age, they roll from the hot to warm to cold.
True of False?
True
Each bucket has its own raw data, metadata, and index files
True or False?
True
What tracks the source, sourcetype and host information in the index?
Metadata files
When you search, Splunk uses the
time range to choose which buckets to search and then uses the bucket indexes
to find qualifying events.
True or False?
True
Why is time the most efficient filter when searching?
Because events are stored in buckets by time
What are the most powerful keywords after using time as a filter?
Host
Source
Sourcetype
What command can be used to extract (discover) only the fields that you need?
The fields command ( - to remove fields, + to select fields)
What is the correct usage of a wildcard in a search?
Only trailing wildcards make efficient use of the index
Inclusion is generally better than exclusion.
True or False?
True
When do you want to filter in your search?
Early or later?
Filter early in your searches
what is the default search mode in splunk?
smart mode
What are transforming commands used for?
Transforms events into numerical values that you can use for statistical purposes
, what is required to turn search results into visualizations?
Transforming commands
Name the transforming commands:
Top
Rare
Chart
Timechart
Stats
Geostats
Top and rare display how many results by default?
10
Fast mode searches are used to
return only essential and required data
Smart mode searches is designed to
provide you the best results for the search you are running
Verbose mode searches
emphasizes completeness by returning all possible field data.
what can be used to troubleshoot problematic searches
The search job inspector
What can the search job inspector tell you?
How long the search was,
stats of the search,
each stage of the searches time
What are the search job inspectors 3 main components?
Header
Execution costs
Search job properties
all searches can be
visually represented.
True or False?
False
The leftmost column in a statistical search is generally represented as the ___-
axis in a graph
X-axis
What are the 7 chart types?
Line
Area
Column
Bar
Bubble
Scatter
Pie
What chart gives viewers a visual way to see a three dimensional series?
Bubble chart
