Fiszki
Splunk
Test w formie fiszek
Ilość pytań: 84
Rozwiązywany: 815 razy
When viewing the results of a search, what is an Interesting Field?
A field that appears in the top 10 events.
A field that appears in at least 20% of the events.
A field that appears in every event.
A field that appears in any event.
A field that appears in at least 20% of the events.
When a Splunk search generates calculated data that appears in the Statistics tab, in what formats can the results be exported?
Raw Events, XML, JSON
Raw Events, CSV, XML, JSON
CSV, XML, JSON
CSV, JSON, PDF
CSV, XML, JSON
Which search matches the events containing the terms “error” and “fail”?
index=security NOT error NOT fail
index=security “error failure”
index=security Error Fail
index=security error OR fail
index=security Error Fail
Which of the following fields is stored with the events in the index?
sourceIp
location
user
source
source
Which of the following is the recommended way to create multiple dashboards displaying data from the same search?
Save the search as a dashboard panel for each dashboard that needs the data.
Save the search as a report and use it in multiple dashboards as needed.
Export the results of the search to an XML file and use the file as the basis of the dashboards.
Save the search as a scheduled alert and use it in multiple dashboards as needed.
Save the search as a report and use it in multiple dashboards as needed.
What does the following specified time range do?
earliest=-72h@h latest=@d
Look back 72 hours, up to one day ago.
Look back 72 hours, up to the end of today
Look back from 3 days ago, up to the beginning of today
Look back 3 days ago and prior.
Look back from 3 days ago, up to the beginning of today
Which events will be returned by the following search string?
host=www3 status=503
All events with a host of www3 that also have a status of 503.
All events that either have a host of www3 or a status of 503.
We need more information; a search cannot be run without specifying an index.
We need more information; we cannot tell without knowing the time range.
All events with a host of www3 that also have a status of 503.
What does the stats command do?
Calculates statistics on data that matches the search criteria.
Automatically correlates related fields.
Analyzes numerical fields for their ability to predict another discrete field.
Converts field values into numerical values.
Calculates statistics on data that matches the search criteria.
Which is primary function of the timeline located under the search bar?
To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.
To sort the events returned by the search command in chronological order.
To zoom in and zoom out, although this does not change the scale of the chart.
To differentiate between structured and unstructured events in the data.
To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.
What can be configured using the Edit Job Settings menu?
Export the result to CSV format.
Schedule the Job to re-run in 10 minutes.
Add the Job results to a dashboard.
Change Job Lifetime from 10 minutes to 7 days.
Change Job Lifetime from 10 minutes to 7 days.
Which command is used to validate a lookup file?
| lookup products.csv
inputlookup products.csv
| lookup_definition products.csv
| inputlookup products.csv
| inputlookup products.csv
How can another user gain access to a saved report?
The owner of the report can edit permissions from the Edit dropdown.
The owner of the report must clone the original report and save it to their user account.
Anyone can access any reports marked as public within a shared Splunk deployment.
Only users with an Admin or Power User role can access other users’ reports.
The owner of the report can edit permissions from the Edit dropdown.
What is the primary use for the rare command?
To find the least common values of a field in a dataset.
To return only fields containing five of fewer values.
To sort field values in descending order.
To find the fields with the fewest number of values across a dataset.
To find the least common values of a field in a dataset.
What happens when a field is added to the Selected Fields list in the fields sidebar?
The selected field and its corresponding values will appear underneath the events in the search results.
Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.
Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.
Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.
The selected field and its corresponding values will appear underneath the events in the search results.
Three basic components of Splunk are (Choose three.):
Forwarders
Deployment Server
Indexer
Search Head
Knowledge Objects
Index
Forwarders
Indexer
Search Head
What is Splunk?
Splunk is a software platform to search, analyze and visualize the machine-generated data.
Database management tool.
Cloud based application that help in analyzing logs.
Security Information and Event Management (SIEM).
Splunk is a software platform to search, analyze and visualize the machine-generated data.
Splunk Enterprise is used as a Scalable service in Splunk Cloud.
False
True
True
Which component of Splunk let us write SPL query to find the required data?
Heavy Forwarders
Forwarders
Indexer
Search head
Search head
All components are installed and administered in Splunk Enterprise on-premise.
False
True
True
Which is the default app for Splunk Enterprise?
Splunk apps for Security
Splunk Enterprise Security Suite
Searching and Reporting
Reporting and Searching
Searching and Reporting