quiz 1

Question 1

Machine data is always structured.

Answer 1

False

Question 2

Machine data is only generated by web servers.

Answer 2

False

Question 3

Machine data makes up for more than ___% of the data accumulated by organizations.

Answer 3

90%

Question 4

index data

Answer 4

collect data from any source

Question 5

search & investigate

Answer 5

data

Question 6

add knowledge

Answer 6

label data for uniform

Question 7

Which of these is not a main component of Splunk? earch and investigate
Collect and index data
Compress and archive
Add knowledge

Answer 7

Compress and archive

Question 8

What are the three main processing components of Splunk?

Answer 8

Forwarders
Search Heads
Indexers

Question 9

Which function is not a part of a single instance deployment? Clustering
Searching
Indexing
Parsing

Answer 9

Clustering

Question 10

In most Splunk deployments, ________ serve as the primary way data is supplied for indexing.

Answer 10

Forwarders

Question 11

Search requests are processed by the ___________.

Answer 11

Indexers

Question 12

from the splunk bar you can

Answer 12

switch between apps, edit account, view messages, edit configs, monitor search jobs, help

Question 13

app bar

Answer 13

navigate system

Question 14

what are transforming commands

Answer 14

commands that create statistics and visualizations

Question 15

search job is active for

Answer 15

10 minutes

Question 16

shared job good for

Answer 16

7 days

Question 17

order of boolean

Answer 17

not, or, and

Question 18

field values are case sensitive

Answer 18

false

Question 19

wildcards can be used in field searches

Answer 19

yes

Question 20

field names are

Answer 20

case sensitive

Question 21

what attributes describe “a dest 4”

Answer 21

a means contains string values and 4 values

Question 22

@ symbol does

Answer 22

round down. if 9:37, you will get results up until 9

Question 23

different index examples

Answer 23

security data, web data

Question 24

Having separate indexes allows:

Answer 24

Faster Searches.
Multiple retention policies
Ability to limit access

Question 25

As a general practice, exclusion is better than inclusion in a Splunk search.

Answer 25

False

Question 26

What is the most efficient way to filter events in Splunk?

Answer 26

by time

Question 27

Time to search can only be set by the time range picker.

Answer 27

False

Question 28

Time to search can only be set by the time range picker.

Answer 28

False

Question 29

What command would you use to remove the status field from the returned events?

Answer 29

fields -

Question 30

Finish the rename command to change the name of the status field to HTTP Status.

Answer 30

status as "HTTP Status"

Question 31

Which command removes results with duplicate field values?

Answer 31

Dedup

Question 32

Which one of these is not a stats function? ``` Addtotals Count List Sum Avg ```

Answer 32

Addtotals

Question 33

A time range picker can be included in a report.

Answer 33

true

Question 34

In a dashboard, a time range picker will only work on panels that include a(n) __________ search.

Answer 34

inline

Question 35

The User role can not create reports.

Answer 35

false

Question 36

_____________ are reports gathered together into a single pane of glass.

Answer 36

Dashboards

Question 37

The instant pivot button is displayed in the statistics and visualization tabs when a _______ search is run

Answer 37

non-transforming

Question 38

Data models are made up of ___________.

Answer 38

datasets

Question 39

Adding child data model objects is like the ______ Boolean in the Splunk search language.

Answer 39

AND

Question 40

These are knowledge objects that provide the data structure for pivot.

Answer 40

Data models

Question 41

Pivots can be saved as dashboards panels.

Answer 41

True

Question 42

A lookup is categorized as a dataset.

Answer 42

True

Question 43

External data used by a Lookup can come from sources like:

Answer 43

CSV files Scripts Geospatial data

Question 44

When using a .csv file for Lookups, the first row in the file represents this.

Answer 44

Field names

Question 45

To keep from overwriting existing fields with your Lookup you can use the ____________ clause.

Answer 45

outputnew

Question 46

Finish this search command so that it displays data from the http_status.csv Lookup file.

Answer 46

inputlookup

Question 47

Alerts can run uploaded scripts.

Answer 47

True

Question 48

Alerts can be shared to all apps.

Answer 48

True

Question 49

Real-time alerts will run the search continuously in the background.

Answer 49

true

Question 50

Alerts can send an email.

Answer 50

True

Question 51

Once an alert is created, you can no longer edit its defining search.

Answer 51

False

Question 52

Machine data makes up for more than ___% of the data accumulated by organizations.

Answer 52

90%

Question 53

Which function is not a part of a single instance deployment?

Answer 53

clustering

Question 54

Splunk uses ________ to categorize the type of data being indexed

Answer 54

source type

Question 55

Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.

Answer 55

Source types

Question 56

Which following search mode toggles behavior based on the type of search being run?

Answer 56

Smart

Question 57

When a search is sent to splunk, it becomes a _____.

Answer 57

search jobs

Question 58

Shared search jobs remain active for _______ by default.

Answer 58

7 days

Question 59

Field names are ________.

Answer 59

case sensitive

Question 60

Field values are case sensitive.

Answer 60

false

Question 61

Time to search can only be set by the time range picker.

Answer 61

False

Question 62

What is the most efficient way to filter events in Splunk?

Answer 62

By time.

Question 63

Would the ip column be removed in the results of this search? Why or why not?

Answer 63

No, because the name was changed.

Question 64

What command would you use to remove the status field from the returned events?

Answer 64

fields -

Question 65

Excluding fields using the Fields Command will benefit performance.

Answer 65

false

Question 66

Which clause would you use to rename the count field?

Answer 66

as

Question 67

How many results are shown by default when using a Top or Rare Command?

Answer 67

10

Question 68

_____________ are reports gathered together into a single pane of glass.

Answer 68

dashboards

Question 69

inish this search command so that it displays data from the http_status.csv Lookup file.

Answer 69

inputlookup