
Splunk Certification Exam 87 Questions with Answers 2023,100% CORRECT

The 5 main functions (components) of Splunk Enterprise - CORRECT ANSWER Index data, Search & investigate, Add knowledge, Monitor & alert, Report & analyze
What does indexing data do? (3) - CORRECT ANSWER 1. Collects data 2. Labels the data with a source type 3. Stores it in a Splunk index
Three main roles in Splunk? (3) - CORRECT ANSWER Admin, Power, User
An admin does what? - CORRECT ANSWER Installs apps and creates knowledge objects for all users (for example, which apps a user sees by default)
A power user does what? - CORRECT ANSWER Creates and shares knowledge objects for users of an app; can run real-time searches
A Splunk user does what? - CORRECT ANSWER Only sees their own knowledge objects and those shared with them
Apps in Splunk? - CORRECT ANSWER 1. Pre-built dashboards, reports, alerts and workflows 2. In-depth data analysis for power users 3. Search & Reporting (the default app)
What does the Search & Reporting app do? - CORRECT ANSWER Creates knowledge objects, reports and dashboards
The seven main components of the Search & Reporting app? - CORRECT ANSWER 1. Splunk bar 2. App bar 3. Search bar 4. Time range picker 5. How to search panel 6. What to search panel 7. Search history
What does the time range picker do? - CORRECT ANSWER Retrieves events over a specific time period: preset times, relative times, real time (earliest, latest) and date ranges
Limiting a search by ___ is key to faster results and is a best practice - CORRECT ANSWER time
The time range picker is set to ___ by default - CORRECT ANSWER All time
Search jobs remain available for ___ minutes by default - CORRECT ANSWER 10
___ commands create statistics and visualizations - CORRECT ANSWER Transforming
The ___ tab is the default tab for searches - CORRECT ANSWER Events
What are the three main search modes? - CORRECT ANSWER Fast, Verbose and Smart
___ mode: field discovery off for event searches; no event or field data for stats (transforming) searches - CORRECT ANSWER Fast
___ mode: returns all events and field data, including for transforming searches; Splunk switches to this mode after a visualization is created - CORRECT ANSWER Verbose
___ mode (the default; behaviour depends on the search string): field discovery on for event searches; no event or field data for stats (transforming) searches - CORRECT ANSWER Smart
The "Job" drop-down menu among the search action buttons does what? - CORRECT ANSWER Edit job settings, send the job to the background, inspect the job, delete the job
Saved searches are ___ by default - CORRECT ANSWER private
The timestamp seen in events is based on the ___ setting in the user account profile - CORRECT ANSWER time zone
List the three booleans - CORRECT ANSWER AND, OR, NOT
The ___ boolean is used if none is given between terms - CORRECT ANSWER AND (it is implied)
Exact phrases use ___ - CORRECT ANSWER quotes
Use a ___ to search for a string that itself contains quotes - CORRECT ANSWER backslash. Example: to match info="user "chrisV4" not in database", search for info="user \"chrisV4\" not in database"
The three fields selected by default? - CORRECT ANSWER host, source, sourcetype
The ___ sidebar shows all fields extracted at search time - CORRECT ANSWER Fields
___ fields are shown in each event; by default host, source and sourcetype - CORRECT ANSWER Selected
___ fields have values in at least 20% of the events - CORRECT ANSWER Interesting
Clicking on a field shows a list of ___, ___ and ___ - CORRECT ANSWER values, count and percentage
These quick reports can be launched by clicking on them (4) - CORRECT ANSWER Top values, Top values by time, Rare values, Events with this field
Use ___ to limit a search to only one sourcetype - CORRECT ANSWER sourcetype=
Field names ___ case sensitive; field values ___ case sensitive - CORRECT ANSWER are, are not
These field operators can be used with both string and numeric values - CORRECT ANSWER = and !=
These comparison operators are used only with numeric values - CORRECT ANSWER > >= < <=
Do NOT field=value and field!=value return the same results? - CORRECT ANSWER Not always. field!=value returns only events that have the field with a different value; NOT field=value also returns events that do not have the field at all
Use ___ to nest boolean searches - CORRECT ANSWER parentheses
___ is better than exclusion - CORRECT ANSWER Inclusion
Use ___ to narrow searches - CORRECT ANSWER time
Reports can be edited, cloned, embedded and deleted under the ___ tab - CORRECT ANSWER Reports
What are search commands used for? - CORRECT ANSWER Creating charts, computing statistics and formatting results
The top command returns the top ___ results with a count and percentage - CORRECT ANSWER 10
What are the three ways to create visualizations? - CORRECT ANSWER 1. Select a field from the fields sidebar 2. Use the Pivot interface 3. Use search language commands in the search bar with the Statistics and Visualization tabs
Save visual reports as a ___ or a ___ - CORRECT ANSWER report or dashboard panel
Dashboards are searches gathered together and can use ___ inputs or ___ visualizations - CORRECT ANSWER form, custom
An ___ is an action that a saved search triggers based on the results of the search - CORRECT ANSWER alert
___ designs reports in a simple interface without having to craft a search string - CORRECT ANSWER Pivot
The default time range for Pivot is ___ - CORRECT ANSWER All time
A data model is the framework and ___ is the interface to the data - CORRECT ANSWER Pivot
The ___ interface shows a count of the object (for example, total purchases), documentation and job actions, tools to filter and split the data, and a sidebar - CORRECT ANSWER Pivot
The ___ object is the main source of data in a data model - CORRECT ANSWER root
A ___ object narrows the data of its parent, acting like an AND boolean - CORRECT ANSWER child
___ pivot allows instant access to data without first building a data model - CORRECT ANSWER Instant
Alerts are built on a ___ search, which is run to check for matching events - CORRECT ANSWER saved
Adjust the ___ type to configure how often the search runs - CORRECT ANSWER alert
Use a ___ alert to check for events on a regular basis - CORRECT ANSWER scheduled
Use a ___ alert to monitor for events continuously - CORRECT ANSWER real-time
An alert ___ can notify you of a triggered alert and help you start responding to it - CORRECT ANSWER action
Search terms include (6) - CORRECT ANSWER keywords, booleans, phrases, fields, wildcards and comparisons
Comparison operators - CORRECT ANSWER =, !=, <, <=, >, >=
___ is the most efficient filter - CORRECT ANSWER Time
Best practices to use while searching in Splunk (4) - CORRECT ANSWER 1. Time is the most efficient filter 2. The more you tell the search, the better your results 3. Inclusion is better than exclusion 4. Filter as early as possible
___ are case insensitive (components of the search language) - CORRECT ANSWER Search terms
___ tell Splunk what we want to do with the results, e.g. stats (components of the search language) - CORRECT ANSWER Commands
___ say how we want to deal with the results, e.g. list (components of the search language) - CORRECT ANSWER Functions
___ are the variables a function is applied to, e.g. product_name (components of the search language) - CORRECT ANSWER Arguments
___ define how we want the results grouped or defined, e.g. by, as (components of the search language) - CORRECT ANSWER Clauses
The ___ is used to pass the current results to the next component - CORRECT ANSWER pipe (|)
The ___ command works from left to right - CORRECT ANSWER search
Once an item is filtered ___ it is no longer available to later commands in the search string - CORRECT ANSWER out
The ___ command includes or excludes fields from the search results - CORRECT ANSWER fields
Exclude a field by using the ___ symbol - CORRECT ANSWER minus (-)
The internal fields ___ and ___ are always extracted, but can also be removed by using the minus symbol - CORRECT ANSWER _time and _raw
Field ___ happens after field ___, so it only affects the displayed results (field inclusion happens before extraction and improves performance) - CORRECT ANSWER exclusion, extraction
The ___ command retains the searched data in a tabulated format - CORRECT ANSWER table
Regarding the rename command, once a field is renamed the ___ name is no longer available to later search commands - CORRECT ANSWER original
This command removes events with duplicate values - CORRECT ANSWER dedup
This command displays results in ascending or descending order - CORRECT ANSWER sort
This command adds fields from an external source to the searched events, based on a matching event field - CORRECT ANSWER lookup
This command produces statistics from the search results - CORRECT ANSWER stats
This command and function show the number of events matching the search criteria - CORRECT ANSWER stats count
This function returns the sum of a numeric field - CORRECT ANSWER sum (used with the stats command)
This command performs a stats aggregation against time - CORRECT ANSWER timechart
The ___ clause splits the data by an additional field - CORRECT ANSWER by
Setting usenull=___ removes the NULL series (events with no value for the split-by field) from chart and timechart results - CORRECT ANSWER f
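Several of the answers above (NOT versus !=, case sensitivity of field names versus values, the implied AND, and usenull=f) hinge on edge cases that a flashcard cannot show. The following Python model is an added example, not part of the exam dump and not Splunk's own code: it re-implements those documented matching rules over a handful of constructed events so the differences can be counted. The event list, field names and values are all made up for the demo.

```python
# Added example (not from the exam dump): a small Python model of the Splunk
# matching rules this study guide covers. It shows why `NOT status=200` and
# `status!=200` do not return the same events, that field NAMES are case
# sensitive while field VALUES are not, that adjacent terms are joined by an
# implied AND, and what usenull=f drops. The events are constructed for the
# demo; no Splunk instance is involved.
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Constructed sample events. Two have no "status" field at all and one has a
# field spelled "Status", which Splunk treats as a different field.
EVENTS: List[Event] = [
    {"host": "web01", "status": "200", "action": "purchase"},
    {"host": "web01", "status": "404", "action": "view"},
    {"host": "web02", "status": "500", "action": "Purchase"},
    {"host": "web02", "action": "addtocart"},   # no status field
    {"host": "db01", "Status": "200"},          # different field name
    {"host": "db01"},                           # no status field
]


def field_equals(event: Event, field: str, value: str) -> bool:
    """Model of `field=value`: the field must exist under exactly that name
    (names are case sensitive) and its value must match ignoring case
    (values are not case sensitive)."""
    return field in event and event[field].lower() == value.lower()


def not_equal_search(events: List[Event], field: str, value: str) -> List[Event]:
    """Model of `field!=value`: keeps only events that HAVE the field with a
    different value. Events missing the field are dropped."""
    return [e for e in events if field in e and not field_equals(e, field, value)]


def not_search(events: List[Event], field: str, value: str) -> List[Event]:
    """Model of `NOT field=value`: keeps every event that fails field=value,
    which includes events that do not have the field at all."""
    return [e for e in events if not field_equals(e, field, value)]


def implied_and_search(events: List[Event], terms: List[Tuple[str, str]]) -> List[Event]:
    """Model of `field1=v1 field2=v2 ...`: with no boolean written between
    the terms, Splunk ANDs them, so an event must satisfy every term."""
    return [e for e in events if all(field_equals(e, f, v) for f, v in terms)]


def count_by(events: List[Event], field: str, usenull: bool = True) -> Dict[str, int]:
    """Model of splitting a count by a field the way chart/timechart do:
    events with no value for the split-by field land in a NULL series, and
    usenull=False (usenull=f) removes that series from the result."""
    counts: Dict[str, int] = {}
    for e in events:
        key = e.get(field, "NULL")
        if key == "NULL" and not usenull:
            continue
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    print("status!=200  :", len(not_equal_search(EVENTS, "status", "200")), "events")
    print("NOT status=200:", len(not_search(EVENTS, "status", "200")), "events")
    print("action=purchase (value case-insensitive):",
          len(implied_and_search(EVENTS, [("action", "purchase")])), "events")
    print("Status=200 vs STATUS=200 (name case-sensitive):",
          sum(field_equals(e, "Status", "200") for e in EVENTS),
          sum(field_equals(e, "STATUS", "200") for e in EVENTS))
    print("count by status, usenull=t:", count_by(EVENTS, "status"))
    print("count by status, usenull=f:", count_by(EVENTS, "status", usenull=False))
```

Running it shows the exam gotcha directly: `status!=200` keeps 2 events (404 and 500), while `NOT status=200` keeps 5, because the three events with no `status` field also fail `status=200`. The same model shows that `Status=200` matches the one event carrying that differently-cased field name while `STATUS=200` matches nothing, and that `usenull=f` drops the NULL bucket that the three status-less events would otherwise form in a chart.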

Last updated: 2 years ago

Uploaded on: Jul 09, 2023
Number of pages: 8
Seller: Nolan19
