Step 1 Flashcards
What are the 3 main roles out of the box with Splunk?
Admin, User, Power
Can a power user create additional roles?
No
What app is used for the exam?
Search and Reporting
What does the hostname represent when importing data?
The name of the server the data is coming from
Data: What does the Upload option do?
Uploads local files that get indexed once
Data: What does the Monitor option do?
Monitors Files, Directories, HTTP Events, or Data Gathering Scripts on Splunk instances
Data: What does the Forward option do?
Data is gathered on a remote machine and forwarded to an index over a receiving port
What are the 3 data summary tabs?
Host, Sources and Source Types
Search results are displayed in reverse chronological order. True or False?
True
Every search is also a job. True or False?
True
How long does a job last after it's created?
10 Minutes
What's the maximum a job can be extended to?
7 days
Which menu gives you access to your jobs history?
Activity
What are fields?
Searchable name/value pairs in your event data, e.g. host=www1, status=404
What is implied automatically between search fields?
AND
Define selected fields and their defaults.
Fields that occur in every event; the defaults are host, source, sourcetype
Can a selected field be any field?
Yes
___ is generally better than ____ when searching
Inclusion is generally better than exclusion when searching
Does the @ symbol round up or down?
Rounds down to the nearest time unit specified by the delimiter, e.g. h, m, s
What's the purpose of an index for administrators?
To segregate data in order to limit access by Splunk role
It's possible to specify multiple indexes in one search. True or False?
True, using the OR command, e.g. (index=security OR index=weblogs)
What does the '|' do?
Takes these events and…
What are the 5 basic search components?
Search Terms, Commands, Functions, Arguments and Clauses
The table function displays only the fields in the argument list. True or False?
True