Fiszki
Splunk
Test w formie fiszek
Ilość pytań: 84
Rozwiązywany: 808 razy
Which of the following Splunk components typically resides on the machines where data originates?
Search head
Indexer
Forwarder
Deployment server
Forwarder
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
(index=netfw failure) OR index=netops OR (warn OR critical)
(index=netfw failure) OR (index=netops (warn OR critical))
(index=netfw failure) AND index=netops warn OR critical
(index=netfw failure) AND (index=netops (warn OR critical))
(index=netfw failure) OR (index=netops (warn OR critical))
Select the answer that displays the accurate placing of the pipe in the following search string:
index=security sourcetype=access_* status=200 stats count by price
index=security sourcetype=access_* | status=200 | stats count by price
index=security sourcetype=access_* status=200 stats | count by price
index=security sourcetype=access_* status=200 | stats count by price
index=security sourcetype=access_* status=200 | stats count | by price
index=security sourcetype=access_* status=200 | stats count by price
Which of the following represents the Splunk recommended naming convention for dashboards?
Group_Description_Object
Object_Group_Description
Description_Group_Object
Group_Object_Description
Group_Object_Description
How can search results be kept longer than 7 days?
By creating a link to the job.
By changing the time range picker to more than 7 days.
By changing the job settings.
By scheduling a report.
By scheduling a report.
Which of the following is a Splunk search best practice?
Never specify more than one index.
Include as few search terms as possible.
Use wildcards to return more search results.
Filter as early as possible.
Filter as early as possible.
When displaying results of a search, which of the following is true about line charts?
Line charts are optimal for multiple series with 3 or more columns.
Line charts are optimal for single series when using Fast mode.
Line charts are optimal for multiseries searches with at least 2 or more columns
Line charts are optimal for single and multiple series.
Line charts are optimal for single and multiple series.
How are events displayed after a search is executed?
Randomly by default.
Alphabetically according to field name.
In reverse chronological order.
In chronological order
In reverse chronological order.
Which of the following is true about user account settings and preferences?
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
Full names can only be changed by accounts with a Power User or Admin role.
Time zones are automatically updated based on the setting of the computer accessing Splunk.
Search & Reporting is the only app that can be set as the default application.
Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.
After running a search, what effect does clicking and dragging across the timeline have?
Expands the time range of the search.
Filters current search results.
Moves to past or future events.
Executes a new search.
Filters current search results.
What must be done in order to use a lookup table in Splunk?
The lookup must be configured to run automatically.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
The lookup file must be uploaded to the etc/apps/lookups folder for automatic ingestion
The contents of the lookup file must be copied and pasted into the search bar.
The lookup file must be uploaded to Splunk and a lookup definition must be created.
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
!
|
$
,
,
Which of the following statements about case sensitivity is true?
Field names ARE case sensitive; field values are NOT.
Both field names and field values ARE case sensitive.
Field values ARE case sensitive; field names ARE NOT.
Both field names and field values ARE NOT case sensitive.
Field names ARE case sensitive; field values are NOT.
What does the rare command do?
Returns the least common field values of a given field in the results.
Returns the most common field values of a given field in the results.
Returns the top 10 field values of a given field in the results.
Returns the lowest 10 field values of a given field in the results.
Returns the least common field values of a given field in the results.
What does the values function of the stats command do?
Lists unique values of a given field.
Lists all values of a given field.
Returns the number of events that match the search.
Returns a count of unique values for a given field.
Lists unique values of a given field.
How do you add or remove fields from search results?
Use fields Plus to add and fields Minus to remove.
Use field +to add and field -to remove.
Use table +to add and table -to remove.
Use fields +to add and fields –to remove.
Use fields +to add and fields –to remove.
What is the main requirement for creating visualizations using the Splunk UI?
Your search must transform event data into statistical data tables first.
Your search must transform event data into JSON formatted data first.
Your search must transform event data into XML formatted data first.
Your search must transform event data into Excel file format first.
Your search must transform event data into statistical data tables first.
What syntax is used to link key/value pairs in search strings?
action+purchase
action | purchase
action equal purchase
action=purchase
action=purchase
What user interface component allows for time selection?
Time range picker
Search time picker
Time summary
Data source time statistics
Time range picker
How does Splunk determine which fields to extract from data?
Splunk automatically extracts any fields that generate interesting visualizations.
Splunk only extracts fields users have manually specified in their data.
Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.
Splunk only extracts the most interesting data from the last 24 hours.
Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data.