SPLUNK - INTRO TO SPLUNK QUIZ, SPLUNK: USING FIELDS, SPLUNK - VISUALIZATIONS QUIZ
Which function is used to send field values externally in Workflow Actions?
GET
POST
Search
PUT - Answers- POST
Which statements best describe an Event Type? Select all that apply.
Allow users to interact with web resources
Categorizes events based on search constraints
Can be used to normalize field names, tags and field extractions
tags, field extractions - Answers- Categorizes events based on search constraints
Can be used to normalize field names, tags and field extractions
Select all knowledge objects.
field aliases
workflow actions
lookups
users - Answers- field aliases
workflow actions
lookups
Which statement best describes the function of a Workflow Action?
Retrieves information from an external source
Allows users to interact with web resources
Sends field values to an external source
Uses field values to perform a secondary search - Answers- Retrieves information from
an external source
Sends field values to an external source
Allows users to interact with web resources
Uses field values to perform a secondary search
If you have a tag label called "homeoffice" associated with the field/value pair
system_ip=<your ip address>, when you run a search using the tag=homeoffice
constraint, what events will be returned?
events from _internal
field lookup table
events with the value of the system_ip field equal to your ip address - Answers- events
with the value of the system_ip field equal to your ip address
Field aliases are applied after _________ and before ________. Select all that apply.
field extractions, lookups
field extractions, tags
lookups, field extractions
tags, field extractions - Answers- field extractions, lookups
field extractions, tags
True or False: Splunk knowledge objects can only be used privately. - Answers- FALSE
To perform a secondary search, use a _______ workflow action
POST
GET
Search
PUT - Answers- Search
Which workflow actions require you to specify if the behavior should open in a new
window or current window? Select all that apply.
GET
PUT
Search
POST - Answers- GET
Search
POST
When adding arguments to a macro, include the number of arguments in _____
Parentheses after the macro name
Using the pipe function
Parentheses before the macro name
Dollar signs with the search definition - Answers- Parentheses after the macro name
Which of the following are ways you can create an event type? Select all that apply.
Run a search, then save as Event Type
From event details, select Event Actions > Build Event Type
Settings > Event types > "New Event Type" - Answers- Run a search, then save as
Event Type
Settings > Event types > "New Event Type"
From event details, select Event Actions > Build Event Type