quiz 1 Flashcards

Question 1

Q

Machine data is always structured.

Question 2

Q

Machine data is only generated by web servers.

Question 3

Q

Machine data makes up for more than ___% of the data accumulated by organizations.

Question 4

Q

index data

Answer

A

collect data from any source

Question 5

Q

search & investigate

Question 6

Q

add knowledge

Answer

A

label data for uniform

Question 7

Q

Which of these is not a main component of Splunk? earch and investigate
Collect and index data
Compress and archive
Add knowledge

Answer

A

Compress and archive

Question 8

Q

What are the three main processing components of Splunk?

Answer

A

Forwarders
Search Heads
Indexers

Question 9

Q

Which function is not a part of a single instance deployment? Clustering
Searching
Indexing
Parsing

Answer

A

Clustering

Question 10

Q

In most Splunk deployments, ________ serve as the primary way data is supplied for indexing.

Answer

A

Forwarders

Question 11

Q

Search requests are processed by the ___________.

Question 12

Q

from the splunk bar you can

Answer

A

switch between apps, edit account, view messages, edit configs, monitor search jobs, help

Question 13

Q

app bar

Answer

A

navigate system

Question 14

Q

what are transforming commands

Answer

A

commands that create statistics and visualizations

Question 15

Q

search job is active for

Answer

A

10 minutes

Question 16

Q

shared job good for

Question 17

Q

order of boolean

Answer

A

not, or, and

Question 18

Q

field values are case sensitive

Question 19

Q

wildcards can be used in field searches

Question 20

Q

field names are

Answer

A

case sensitive

Question 21

Q

what attributes describe “a dest 4”

Answer

A

a means contains string values and 4 values

Question 22

Q

@ symbol does

Answer

A

round down. if 9:37, you will get results up until 9

Question 23

Q

different index examples

Answer

A

security data, web data

Question 24

Q

Having separate indexes allows:

Answer

A

Faster Searches.
Multiple retention policies
Ability to limit access

Question 25

Q

As a general practice, exclusion is better than inclusion in a Splunk search.

Question 26

Q

What is the most efficient way to filter events in Splunk?

Question 27

Q

Time to search can only be set by the time range picker.

Question 28

Q

Time to search can only be set by the time range picker.

Question 29

Q

What command would you use to remove the status field from the returned events?

Question 30

Q

Finish the rename command to change the name of the status field to HTTP Status.

Answer

A

status as “HTTP Status”

Question 31

Q

Which command removes results with duplicate field values?

Question 32

Q

Which one of these is not a stats function?

Addtotals
Count
List
Sum
Avg

Answer

A

Addtotals

Question 33

Q

A time range picker can be included in a report.

Question 34

Q

In a dashboard, a time range picker will only work on panels that include a(n) __________ search.

Question 35

Q

The User role can not create reports.

Question 36

Q

_____________ are reports gathered together into a single pane of glass.

Answer

A

Dashboards

Question 37

Q

The instant pivot button is displayed in the statistics and visualization tabs when a _______ search is run

Answer

A

non-transforming

Question 38

Q

Data models are made up of ___________.

Question 39

Q

Adding child data model objects is like the ______ Boolean in the Splunk search language.

Question 40

Q

These are knowledge objects that provide the data structure for pivot.

Answer

A

Data models

Question 41

Q

Pivots can be saved as dashboards panels.

Question 42

Q

A lookup is categorized as a dataset.

Question 43

Q

External data used by a Lookup can come from sources like:

Answer

A

CSV files
Scripts
Geospatial data

Question 44

Q

When using a .csv file for Lookups, the first row in the file represents this.

Answer

A

Field names

Question 45

Q

To keep from overwriting existing fields with your Lookup you can use the ____________ clause.

Answer

A

outputnew

Question 46

Q

Finish this search command so that it displays data from the http_status.csv Lookup file.

Answer

A

inputlookup

Question 47

Q

Alerts can run uploaded scripts.

Question 48

Q

Alerts can be shared to all apps.

Question 49

Q

Real-time alerts will run the search continuously in the background.

Question 50

Q

Alerts can send an email.

Question 51

Q

Once an alert is created, you can no longer edit its defining search.

Question 52

Q

Machine data makes up for more than ___% of the data accumulated by organizations.

Question 53

Q

Which function is not a part of a single instance deployment?

Answer

A

clustering

Question 54

Q

Splunk uses ________ to categorize the type of data being indexed

Answer

A

source type

Question 55

Q

Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.

Answer

A

Source types

Question 56

Q

Which following search mode toggles behavior based on the type of search being run?

Question 57

Q

When a search is sent to splunk, it becomes a _____.

Answer

A

search jobs

Question 58

Q

Shared search jobs remain active for _______ by default.

Question 59

Q

Field names are ________.

Answer

A

case sensitive

Question 60

Q

Field values are case sensitive.

Question 61

Q

Time to search can only be set by the time range picker.

Question 62

Q

What is the most efficient way to filter events in Splunk?

Question 63

Q

Would the ip column be removed in the results of this search? Why or why not?

Answer

A

No, because the name was changed.

Question 64

Q

What command would you use to remove the status field from the returned events?

Answer 32

A

dashboards

Answer 33

A

inputlookup