Splunk Guides d'étude, Notes de cours & Résumés

This administrator installs, configures, and manages Splunk Components. - Answer- System Administrator This administrator manages configuration files and monitors MC while responding to health alerts. - Answer- System Administrator This administrator deploys changes to environment and documents/manages newly ingested data sources. - Answer- Data Administrator This administrator manages indexes and Splunk apps. - Answer- System Administrator Manages parsing, event line breaking, times...

Splunk Core Certified User & Splunk Fundamentals 1 Questions and Answers Graded A+ T/F: Machine data is always structured. False. Machine data can be structured or unstructured. Machine data makes up for more than ___% of the data accumulated by organizations. 90 Brainpower Read More Previous Play Next Rewind 10 seconds Move forward 10 seconds Unmute 0:01 / 0:15 Full screen T/F: Machine data is only generated by web servers. False Search requests are p...

1. How can another user gain access to saved report? CORRECT ANSWER The owner of the report can edit permissions from the Edit dropdown. 1. What happens when a field is added to selected fields list in the field sidebar? CORRECT ANSWER The selected field and its corresponding value will appear underneath the event in the search field. Which of the following are functions of the stats command? CORRECT ANSWER Sum, Avg, Values 1. When editing a dashboard, which of the following are possibl...

Splunk Core User Practice Exam questions with correct answers

A calculated field maybe based on which of the following? A. Lookup tables B. Extracted fields C. Regular expressions D. Fields generated within a search string CORRECT ANSWER B. Extracted fields Which are valid ways to create an event type? (select all that apply) A. By using the searchtypes command in the search bar. B. By editing the event_type stanza in the file. C. By going to the Settings menu and clicking Event Types > New. D. By selecting an event in search results and cli...

101 Which of the following accurately describes HTTP Event Collector indexer acknowledgement? A. It requires a separate channel provided by the client. B. It is configured the same as indexer acknowledgement used to protect in-flight data. C. It can be enabled at the global setting level. D. It stores status information on the Splunk server. CORRECT ANSWER A. It requires a separate channel provided by the client. What action is required to enable forwarder management in Splunk Web? A. N...

Splunk SPLK-1002 questions with correct answers

When performing a regular expression (regex) field extraction using the Field Extractor (FX), what happens when the require option is used? A. The regex can no longer be edited. B. The field being extracted will be required for all future events. C. The events without the required field will not display in searches. D. Only events with the required string will be included in the extraction. CORRECT ANSWER ANSWER: D Which of the following statements describe data model acceleration? (se...

Selected fields are displayed ________ each event in the results. a. below b. interesting fields c. other fields d. above CORRECT ANSWER a. below Search terms are not case sensitive. (T/F) CORRECT ANSWER True These two searches will NOT return the same results. SEARCH 1:login failure SEARCH 2: "login failure" (T/F) CORRECT ANSWER True A space is implied ______________ in a search string. a. OR b. AND c. () d. NOT CORRECT ANSWER b. AND You can not specify a relative ti...

A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives. Which of the following options is most likely to help performance? A. Change the search heads to do local indexing of summary searches. B. I...