Intro to Splunk Flashcards

1
Q

When an alert action is configured to run a script, Splunk must be able to locate the script.
Which is one of the directories Splunk will look in to find the script?

A. $SPLUNK_HOME/bin/scripts
B. $SPLUNK_HOME/etc/scripts
C. $SPLUNK_HOME/bin/etc/scripts
D. $SPLUNK_HOME/etc/scripts/bin

A

A. $SPLUNK_HOME/bin/scripts

2
Q

Which Boolean operator is always implied between two search terms, unless otherwise specified?

A. OR
B. NOT
C. AND
D. XOR

A

C. AND

3
Q

What does the values function of the stats command do?

A. Lists all values of a given field.
B. Lists unique values of a given field.
C. Returns a count of unique values for a given field.
D. Returns the number of events that match the search.

A

A. Lists all values of a given field.

4
Q

Which stats command function provides a count of how many unique values exist for a given field in the result set?

A. dc(field)
B. count(field)
C. count-by(field)
D. distinct-count(field)

A

A. dc(field)

5
Q

A collection of items containing things such as data inputs, UI elements, and knowledge objects is known as what?

A. An app
B. JSON
C. A role
D. An enhanced solution

A

A. An app

6
Q

Which statement is true about Splunk alerts?

A. Alerts are based on searches that are either run on a scheduled interval or in real-time.
B. Alerts are based on searches and when triggered will only send an email notification.
C. Alerts are based on searches and require cron to run on scheduled interval.
D. Alerts are based on searches that are run exclusively as real-time.

A

A. Alerts are based on searches that are either run on a scheduled interval or in real-time.

7
Q

What is the purpose of using a by clause with the stats command?

A. To group the results by one or more fields.
B. To compute numerical statistics on each field.
C. To specify how the values in a list are delimited.
D. To partition the input data based on the split-by fields.

A

A. To group the results by one or more fields.

8
Q

How do you add or remove fields from search results?

A. Use field + to add and field - to remove.
B. Use table + to add and table - to remove.
C. Use fields + to add and fields - to remove.
D. Use fields Plus to add and fields Minus to remove.

A

C. Use fields + to add and fields - to remove.

9
Q

A field exists in search results, but isn’t being displayed in the fields sidebar.
How can it be added to the fields sidebar?

A. Click All Fields and select the field to add it to Selected Fields.
B. Click Interesting Fields and select the field to add it to Selected Fields.
C. Click Selected Fields and select the field to add it to Interesting Fields.
D. This scenario isn’t possible because all fields returned from a search always appear in the fields sidebar.

A

A. Click All Fields and select the field to add it to Selected Fields.

10
Q

In the fields sidebar, which character denotes alphanumeric field values?

A. #
B. %
C. a
D. a#

A

C. a

11
Q

What is the main requirement for creating visualizations using the Splunk UI?

A. Your search must transform event data into Excel file format first.
B. Your search must transform event data into XML formatted data first.
C. Your search must transform event data into statistical data tables first.
D. Your search must transform event data into JSON formatted data first.

A

B. Your search must transform event data into XML formatted data first.

12
Q

What syntax is used to link key/value pairs in search strings?

A. action+purchase
B. action=purchase
C. action | purchase
D. action equal purchase

A

B. action=purchase

13
Q

What user interface component allows for time selection?

A. Time summary
B. Time range picker
C. Search time picker
D. Data source time statistics

A

B. Time range picker

14
Q

Which of the following searches will return results where fail, 400, and error exist in every event?

A. error AND (fail AND 400)
B. error OR (fail and 400)
C. error AND (fail OR 400)
D. error OR fail OR 400

A

C. error AND (fail OR 400)

15
Q

When placed early in a search, which command is most effective at reducing search execution time?

A. dedup
B. rename
C. sort -
D. fields +

A

A. dedup

16
Q

Which search string only returns events from host WWW3?

A. host=*
B. host=WWW3
C. host=WWW*
D. Host=WWW3

A

B. host=WWW3

17
Q

By default, how long does Splunk retain a search job?

A. 10 Minutes
B. 15 Minutes
C. 1 Day
D. 7 Days

A

A. 10 Minutes

18
Q

What must be done before an automatic lookup can be created? (Choose all that apply.)

A. The lookup command must be used.
B. The lookup definition must be created.
C. The lookup file must be uploaded to Splunk.
D. The lookup file must be verified using the inputlookup command.

A

B. The lookup definition must be created.

19
Q

Which of the following Splunk components typically resides on the machines where data originates?

A. Indexer
B. Forwarder
C. Search head
D. Deployment server

A

B. Forwarder

20
Q

What determines the scope of data that appears in a scheduled report?

A. All data accessible to the User role will appear in the report.
B. All data accessible to the owner of the report will appear in the report.
C. All data accessible to all users will appear in the report until the next time the report is run.
D. The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.

A

D. The owner of the report can configure permissions so that the report uses either the User role or the owner's profile at run time.

21
Q

When writing searches in Splunk, which of the following is true about Booleans?

A. They must be lowercase.
B. They must be uppercase.
C. They must be in quotations.
D. They must be in parentheses.

A

B. They must be uppercase.

22
Q

Which of the following searches would return events with failure in index netfw or warn or critical in index netops?

A. (index=netfw failure) AND index=netops warn OR critical
B. (index=netfw failure) OR (index=netops (warn OR critical))
C. (index=netfw failure) AND (index=netops (warn OR critical))
D. (index=netfw failure) OR index=netops OR (warn OR critical)

A

B. (index=netfw failure) OR (index=netops (warn OR critical))

23
Q

Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price

A. index=security sourcetype=access_* status=200 stats | count by price
B. index=security sourcetype=access_* status=200 | stats count by price
C. index=security sourcetype=access_* status=200 | stats count | by price
D. index=security sourcetype=access_* | status=200 | stats count by price

A

B. index=security sourcetype=access_* status=200 | stats count by price

24
Q

Which of the following constraints can be used with the top command?

A. limit
B. useperc
C. addtotals
D. fieldcount

A

A. limit

25
Q

When editing a dashboard, which of the following are possible options? (Choose all that apply.)

A. Add an output.
B. Export a dashboard panel.
C. Modify the chart type displayed in a dashboard panel.
D. Drag a dashboard panel to a different location on the dashboard.

A

C. Modify the chart type displayed in a dashboard panel.
D. Drag a dashboard panel to a different location on the dashboard.

26
Q

When running searches, command modifiers in the search string are displayed in what color?

A. Red
B. Blue
C. Orange
D. Highlighted

A

C. Orange

27
Q

Which of the following represents the Splunk recommended naming convention for dashboards?

A. Description_Group_Object
B. Group_Description_Object
C. Group_Object_Description
D. Object_Group_Description

A

C. Group_Object_Description

28
Q

How can search results be kept longer than 7 days?

A. By scheduling a report.
B. By creating a link to the job.
C. By changing the job settings.
D. By changing the time range picker to more than 7 days.

A

C. By changing the job settings.

29
Q

Which of the following is a Splunk search best practice?

A. Filter as early as possible.
B. Never specify more than one index.
C. Include as few search terms as possible.
D. Use wildcards to return more search results.

A

A. Filter as early as possible.

30
Q

When looking at a dashboard panel that is based on a report, which of the following is true?

A. You can modify the search string in the panel, and you can change and configure the visualization.
B. You can modify the search string in the panel, but you cannot change and configure the visualization.
C. You cannot modify the search string in the panel, but you can change and configure the visualization.
D. You cannot modify the search string in the panel, and you cannot change and configure the visualization.

A

C. You cannot modify the search string in the panel, but you can change and configure the visualization.

31
Q

Which of the following are common constraints of the top command?

A. limit, count
B. limit, showpercent
C. limits, countfield
D. showperc, countfield

A

A. limit, count

32
Q

When displaying results of a search, which of the following is true about line charts?

A. Line charts are optimal for single and multiple series.
B. Line charts are optimal for single series when using Fast mode.
C. Line charts are optimal for multiple series with 3 or more columns.
D. Line charts are optimal for multiseries searches with at least 2 or more columns.

A

C. Line charts are optimal for multiple series with 3 or more columns.

33
Q

How are events displayed after a search is executed?

A. In chronological order.
B. Randomly by default.
C. In reverse chronological order.
D. Alphabetically according to field name.

A

C. In reverse chronological order.

34
Q

Which of the following is true about user account settings and preferences?

A. Search & Reporting is the only app that can be set as the default application.
B. Full names can only be changed by accounts with a Power User or Admin role.
C. Time zones are automatically updated based on the setting of the computer accessing Splunk.
D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

A

D. Full name, time zone, and default app can be defined by clicking the login name in the Splunk bar.

35
Q

What is a primary function of a scheduled report?

A. Auto-detect changes in performance.
B. Auto-generated PDF reports of overall data trends.
C. Regularly scheduled archiving to keep disk space use low.
D. Triggering an alert in your Splunk instance when certain conditions are met.

A

D. Triggering an alert in your Splunk instance when certain conditions are met.
