Fiszki
Splunk
Test w formie fiszek
Ilość pytań: 84
Rozwiązywany: 812 razy
What syntax is used to link key/value pairs in search strings?
Quotation marks
Relational operators such as =, <, or >
@ or # symbols
Parentheses
Relational operators such as =, <, or >
Which search string returns a filed containing the number of matching events and names that field Event Count?
index=security failure | stats sum as “Event Count”
index=security failure | stats count as “Event Count”
index=security failure | stats count by “Event Count”
index=security failure | stats dc(count) as “Event Count”
index=security failure | stats count as “Event Count”
Which of the following index searches would provide the most efficient search performance?
*index=sales AND index=web*
index=*
index=web OR index=s*
(index=web OR index=sales)
(index=web OR index=sales)
What is a suggested Splunk best practice for naming reports?
Use a consistent naming convention so they are easily separated by characteristics such as group and object.
Name reports as uniquely as possible with no overlap to differentiate them from one another.
Any naming convention is fine as long as you keep an external spreadsheet to keep track.
Reports are best named using many numbers so they can be more easily sorted.
Use a consistent naming convention so they are easily separated by characteristics such as group and object.
Which of the following are functions of the stats command?
count, sum, less
sum, avg, values
count, sum, add
sum, values, table
sum, avg, values
At index time, in which field does Splunk store the timestamp value?
time
_time
EventTime
timestamp
_time
When looking at a dashboard panel that is based on a report, which of the following is true?
You can modify the search string in the panel, and you can change and configure the visualization.
You cannot modify the search string in the panel, and you cannot change and configure the visualization
You can modify the search string in the panel, but you cannot change and configure the visualization.
You cannot modify the search string in the panel, but you can change and configure the visualization.
You can modify the search string in the panel, and you can change and configure the visualization.
What is a primary function of a scheduled report?
Triggering an alert in your Splunk instance when certain conditions are met.
Auto-detect changes in performance.
Auto-generated PDF reports of overall data trends.
Regularly scheduled archiving to keep disk space use low.
Auto-generated PDF reports of overall data trends.
Which command is used to review the contents of a specified static lookup file?
lookup
csvlookup
outputlookup
inputlookup
inputlookup
Which stats command function provides a count of how many unique values exist for a given field in the result set?
count-by(field)
count(field)
dc(field)
distinct-count(field)
dc(field)
A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?
An enhanced solution
A role
JSON
An app
An app
Which statement is true about Splunk alerts?
Alerts are based on searches and require cron to run on scheduled interval.
Alerts are based on searches that are run exclusively as real-time.
Alerts are based on searches and when triggered will only send an email notification.
Alerts are based on searches that are either run on a scheduled interval or in real-time.
Alerts are based on searches that are either run on a scheduled interval or in real-time.
What is the purpose of using a by clause with the stats command?
To partition the input data based on the split-by fields.
To group the results by one or more fields.
To specify how the values in a list are delimited.
To compute numerical statistics on each field.
To group the results by one or more fields.
In the fields sidebar, which character denotes alphanumeric field values?
a
%
a#
#
a
Which of the following searches will return results where fail, 400, and error exist in every event?
error OR (fail and 400)
error OR fail OR 400
error AND (fail AND 400)
error AND (fail OR 400)
error AND (fail AND 400)
When placed early in a search, which command is most effective at reducing search execution time?
dedup
rename
fields +
sort –
fields +
Which of the following is the most efficient filter for running searches in Splunk?
Fast mode
Time
Selected Fields
Sourcetype
Time
Which of the following is a best practice when writing a search string?
Avoid using formatting clauses, as they add too much overhead.
Include at least one function as this is a search requirement.
Include all formatting commands before any search terms.
Include the search terms at the beginning of the search string.
Include the search terms at the beginning of the search string.
What type of search can be saved as a report?
Only searches that generate visualizations.
Only searches that generate statistics or visualizations.
Only searches containing a transforming command.
Any search can be saved as a report.
Any search can be saved as a report.
What can be included in the All Fields option in the sidebar?
Dashboards
Metadata only
Non-interesting fields
Field descriptions
Non-interesting fields