Testy Fiszki Notatki

Zaloguj

Fiszki

Splunk

Test w formie fiszek

Ilość pytań: 84 Rozwiązywany: 2092 razy

What syntax is used to link key/value pairs in search strings?

Relational operators such as =, <, or >

Quotation marks

Parentheses

@ or # symbols

Relational operators such as =, <, or >

Which search string returns a filed containing the number of matching events and names that field Event Count?

index=security failure | stats dc(count) as “Event Count”

index=security failure | stats count as “Event Count”

index=security failure | stats count by “Event Count”

index=security failure | stats sum as “Event Count”

index=security failure | stats count as “Event Count”

Which of the following index searches would provide the most efficient search performance?

index=*

(index=web OR index=sales)

*index=sales AND index=web*

index=web OR index=s*

(index=web OR index=sales)

What is a suggested Splunk best practice for naming reports?

Any naming convention is fine as long as you keep an external spreadsheet to keep track.

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

Name reports as uniquely as possible with no overlap to differentiate them from one another.

Reports are best named using many numbers so they can be more easily sorted.

Use a consistent naming convention so they are easily separated by characteristics such as group and object.

Which of the following are functions of the stats command?

count, sum, add

sum, values, table

sum, avg, values

count, sum, less

sum, avg, values

At index time, in which field does Splunk store the timestamp value?

_time

time

timestamp

EventTime

_time

When looking at a dashboard panel that is based on a report, which of the following is true?

You cannot modify the search string in the panel, and you cannot change and configure the visualization

You can modify the search string in the panel, and you can change and configure the visualization.

You cannot modify the search string in the panel, but you can change and configure the visualization.

You can modify the search string in the panel, but you cannot change and configure the visualization.

You can modify the search string in the panel, and you can change and configure the visualization.

What is a primary function of a scheduled report?

Triggering an alert in your Splunk instance when certain conditions are met.

Auto-generated PDF reports of overall data trends.

Regularly scheduled archiving to keep disk space use low.

Auto-detect changes in performance.

Auto-generated PDF reports of overall data trends.

Which command is used to review the contents of a specified static lookup file?

outputlookup

lookup

csvlookup

inputlookup

Which stats command function provides a count of how many unique values exist for a given field in the result set?

distinct-count(field)

dc(field)

count(field)

count-by(field)

dc(field)

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

A role

An enhanced solution

An app

JSON

An app

Which statement is true about Splunk alerts?

Alerts are based on searches and when triggered will only send an email notification.

Alerts are based on searches and require cron to run on scheduled interval.

Alerts are based on searches that are either run on a scheduled interval or in real-time.

Alerts are based on searches that are run exclusively as real-time.

Alerts are based on searches that are either run on a scheduled interval or in real-time.

What is the purpose of using a by clause with the stats command?

To specify how the values in a list are delimited.

To group the results by one or more fields.

To partition the input data based on the split-by fields.

To compute numerical statistics on each field.

To group the results by one or more fields.

In the fields sidebar, which character denotes alphanumeric field values?

Which of the following searches will return results where fail, 400, and error exist in every event?

error AND (fail AND 400)

error AND (fail OR 400)

error OR (fail and 400)

error OR fail OR 400

error AND (fail AND 400)

When placed early in a search, which command is most effective at reducing search execution time?

sort –

fields +

rename

dedup

fields +

Which of the following is the most efficient filter for running searches in Splunk?

Fast mode

Sourcetype

Time

Selected Fields

Time

Which of the following is a best practice when writing a search string?

Include the search terms at the beginning of the search string.

Include at least one function as this is a search requirement.

Include all formatting commands before any search terms.

Avoid using formatting clauses, as they add too much overhead.

Include the search terms at the beginning of the search string.

What type of search can be saved as a report?

Any search can be saved as a report.

Only searches that generate visualizations.

Only searches containing a transforming command.

Only searches that generate statistics or visualizations.

Any search can be saved as a report.

What can be included in the All Fields option in the sidebar?

Dashboards

Field descriptions

Non-interesting fields

Metadata only

Non-interesting fields

Początek Pokaż poprzednie pytania Pokaż kolejne pytania

Powiązane tematy

Inne tryby

Nauka Test Powtórzenie