From SPLUNK vce hard Q's Flashcards

1
Q

Which of the following statements describe data model acceleration? (select all that apply)
A. Root events cannot be accelerated.
B. Accelerated data models cannot be edited.
C. Private data models cannot be accelerated.
D. You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model.

Answer: B, C, D (root event datasets can be accelerated; it is root transaction datasets that cannot be)

2
Q

Which of the following statements about data models and pivot are true? (select all that apply)
A. They are both knowledge objects.
B. Data models are created out of datasets called pivots.
C. Pivot requires users to input SPL searches on data models.
D. Pivot allows the creation of data visualizations that present different aspects of a data model.

Answer: D

3
Q

What is the relationship between data models and pivots?
A. Data models provide the datasets for pivots.
B. Pivots and data models have no relationship.
C. Pivots and data models are the same thing.
D. Pivots provide the datasets for data models.

Answer: A

4
Q

What does the transaction command do?
A. Groups a set of transactions based on time.
B. Creates a single event from a group of events.
C. Separates two events based on one or more values.
D. Returns the number of credit card transactions found in the event logs.

Answer: B

5
Q

When should transaction be used?
A. Only in a large distributed Splunk environment
B. When calculating results from one or more fields.
C. When event grouping is based on start/end values
D. When grouping events results in over 1000 events in each group

Answer: C

6
Q

Which Knowledge Object does the Splunk Common Information Model (CIM) use to normalize data, in addition to field aliases, event types, and tags? (Select all that apply)

A. Macros
B. Lookups
C. Workflow actions
D. Field extractions

Answer: B, D

7
Q

Which of the following statements describe the command below? (Choose all that apply.)

sourcetype=access_combined | transaction JSESSIONID

A. An additional field named maxspan is created.
B. An additional field named duration is created.
C. An additional field named eventcount is created.
D. Events with the same JSESSIONID will be grouped together into a single event.

Answer: B, C, D (maxspan is an argument to transaction, not a field it creates)

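Cards 4, 5 and 7 all turn on what transaction actually produces. The Python below is an added example, not part of the original flashcards and not Splunk's own code: it emulates `sourcetype=access_combined | transaction JSESSIONID` over constructed access_combined-style lines (referer and user agent dropped, JSESSIONID cookie value appended), collapsing each session into one multivalue event and adding the `duration` and `eventcount` fields, and it also applies the startswith/endswith/maxspan boundaries from card 5. The function names (`parse_event`, `transaction`, `group_by_session`, `parse_span`) and the sample sessions SD1/SD2 are assumptions made here; matching startswith/endswith as substrings of `_raw` and dropping events that fall outside any started transaction are simplifications of Splunk's behaviour.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real traffic): Apache combined format with
# referer/user-agent dropped and the JSESSIONID cookie value appended.
# Deliberately out of time order; transaction sorts them itself.
SAMPLE_EVENTS = [
    '10.0.0.5 - - [10/Oct/2023:13:56:00 +0000] "GET /account HTTP/1.1" 200 1842 JSESSIONID=SD1',
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 JSESSIONID=SD1',
    '10.0.0.9 - - [10/Oct/2023:14:00:00 +0000] "GET /login HTTP/1.1" 200 512 JSESSIONID=SD2',
    '10.0.0.5 - - [10/Oct/2023:13:57:06 +0000] "GET /logout HTTP/1.1" 302 0 JSESSIONID=SD1',
    '10.0.0.5 - - [10/Oct/2023:15:10:00 +0000] "GET /login HTTP/1.1" 200 512 JSESSIONID=SD1',
    '10.0.0.5 - - [10/Oct/2023:15:10:30 +0000] "GET /logout HTTP/1.1" 302 0 JSESSIONID=SD1',
    '10.0.0.7 - - [10/Oct/2023:14:30:00 +0000] "GET /robots.txt HTTP/1.1" 200 68',  # no cookie
]

LOG_RE = re.compile(
    r'(?P<clientip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)(?: JSESSIONID=(?P<JSESSIONID>\S+))?$'
)

SPAN_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def parse_span(spec):
    """Turn a Splunk-style span such as '30m' into a timedelta (assumed helper)."""
    m = re.fullmatch(r"(\d+)([smhd])", spec)
    if not m:
        raise ValueError(f"bad span: {spec!r}")
    return timedelta(**{SPAN_UNITS[m.group(2)]: int(m.group(1))})


def parse_event(line):
    """Field-extract one log line; returns None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["_time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["_raw"] = line
    return ev


def _build(key, value, evs):
    """Collapse a list of events (oldest first) into one transaction event."""
    first, last = evs[0]["_time"], evs[-1]["_time"]
    return {
        key: value,
        "_time": first,                               # transaction takes the earliest time
        "eventcount": len(evs),                       # field added by transaction
        "duration": (last - first).total_seconds(),   # field added by transaction
        "_raw": [e["_raw"] for e in evs],             # multivalue: every member event
    }


def transaction(events, key, startswith=None, endswith=None, maxspan=None):
    """Emulate `| transaction <key> [startswith=..] [endswith=..] [maxspan=..]`.

    Simplifications: startswith/endswith are substring tests on _raw (Splunk
    takes a search expression), and when startswith is set, events that fall
    outside any started transaction are dropped.
    """
    span = parse_span(maxspan) if maxspan else None
    open_tx = {}   # key value -> events of the transaction still being built
    done = []

    def close(value):
        evs = open_tx.pop(value, None)
        if evs:
            done.append(_build(key, value, evs))

    for ev in sorted(events, key=lambda e: e["_time"]):
        value = ev.get(key)
        if value is None:
            continue                      # no key field: cannot join any group
        if startswith and startswith in ev["_raw"]:
            close(value)                  # a new start boundary ends the open group
        elif startswith and value not in open_tx:
            continue
        if value in open_tx and span and ev["_time"] - open_tx[value][0]["_time"] > span:
            close(value)                  # exceeding maxspan splits the group
        open_tx.setdefault(value, []).append(ev)
        if endswith and endswith in ev["_raw"]:
            close(value)
    for value in list(open_tx):
        close(value)                      # incomplete groups are still emitted
    return sorted(done, key=lambda t: t["_time"], reverse=True)   # newest first, as search results are


def group_by_session(lines, **options):
    """sourcetype=access_combined | transaction JSESSIONID [options]"""
    events = [e for e in map(parse_event, lines) if e]
    return transaction(events, "JSESSIONID", **options)


if __name__ == "__main__":
    for tx in group_by_session(SAMPLE_EVENTS, startswith="GET /login",
                               endswith="GET /logout", maxspan="30m"):
        print(tx["JSESSIONID"], tx["eventcount"], tx["duration"])
```

Run without options, SD1 becomes a single 5-event transaction spanning 4494 seconds, which is exactly why card 5 says to use transaction when grouping depends on start/end values: with `startswith="GET /login" endswith="GET /logout" maxspan="30m"` the same cookie yields two separate login-to-logout transactions (90 s and 30 s), and SD2's login without a logout is still emitted as an incomplete one-event transaction. Note that neither run produces a `maxspan` field; only `duration` and `eventcount` are added.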