SPLUNK 1002 TEST

Quiz by David OkOk, updated 5 months ago
Created by David OkOk 8 months ago

Resource summary

Question 1

Question
1.- Using the export function, you can export search results as __________. (Select all that apply.)
Answer
  • Xml
  • Json
  • Html
  • A php file

Question 2

Question
2.- The fields sidebar does not show________. (Select all that apply.)
Answer
  • interesting fields
  • selected fields
  • all extracted fields

Question 3

Question
3.- Splunk alerts can be based on searches that run ______. (Select all that apply.)
Answer
  • in real-time
  • on a regular schedule
  • and have no matching events

Question 4

Question
4.- Alert throttling is used to _______.
Answer
  • verify each alert
  • stagger search requests in a time-sequenced order
  • stop spamming yourself with alerts
  • check severity

Question 5

Question
5.- A real-time alert is ______________.
Answer
  • A scheduled alert
  • constantly running in the background

Question 6

Question
6.- This tab shows you the event patterns in the results of a specific search.
Answer
  • statistics
  • visualization
  • patterns

Question 7

Question
7.- Which of the following about reports is/are true?
Answer
  • Reports are knowledge objects.
  • Reports can be scheduled.
  • Reports can run a script.
  • All of the above.

Question 8

Question
8.- Select this in the fields sidebar to automatically pipe your search results to the rare command.
Answer
  • events with this field
  • rare values
  • top values by time
  • top values

Question 9

Question
9.- A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of being_____.
Answer
  • skipped or deferred
  • automatically accelerated
  • deleted
  • all of the above

Question 10

Question
10.- Which of the following are valid options to speed up reports? (Select all that apply.)
Answer
  • Edit permissions
  • Edit description
  • Edit acceleration
  • Edit schedule

Question 11

Question
11.- Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
Answer
  • is looking for all events that include the search terms: fields AND action AND productId AND status
  • uses the table command to improve performance
  • limits the fields that are extracted
  • returns a table with 3 columns

Question 12

Question
12.- Use the dedup command to _____.
Answer
  • Rename a field in the index
  • remove duplicate values
  • Provide an additional alias for the field that can be used in the search criteria

Question 13

Question
13.- We can use the rename command to _____ (Select all that apply.)
Answer
  • Change indexed fields
  • Exclude fields from our search results
  • Extract new fields from our data using regular expressions
  • Give a field a new name at search time

Question 14

Question
14.- The limit attribute will___________.
Answer
  • override default of 10
  • only work with top command
  • override default of 20
  • override default of 15

Question 15

Question
15.- This function of the stats command allows you to identify the number of values a field has.
Answer
  • max
  • distinct_count
  • fields
  • count

Question 16

Question
16.- This function of the stats command allows you to return the sample standard deviation of a field.
Answer
  • stdev
  • dev
  • count deviation
  • by standarddev

Question 17

Question
17.- Which of the following commands will show the maximum bytes?
Answer
  • sourcetype=access_* | maximum totals by bytes
  • sourcetype=access_* | avg (bytes)
  • sourcetype=access_* | stats max(bytes)
  • sourcetype=access_* | max(bytes)

Question 18

Question
18.- Which of the following searches will show the number of categoryId used by each host?
Answer
  • Sourcetype=access_* |sum bytes by host
  • Sourcetype=access_* |stats sum(categoryId) by host
  • Sourcetype=access_* |sum(bytes) by host
  • Sourcetype=access_* |stats sum by host

Question 19

Question
19.- Sourcetype=access_* |stats sum by host
Answer
  • Rex
  • As
  • List
  • By

Question 20

Question
20.- This function of the stats command allows you to return the middle-most value of field X.
Answer
  • Median(X)
  • Eval by X
  • Fields(X)
  • Values(X)

Question 21

Question
21.- When a search returns __________, you can view the results as a list.
Answer
  • a list of events
  • transactions
  • statistical values

Question 22

Question
22.- Clicking a SEGMENT on a chart, ________.
Answer
  • drills down for that value
  • highlights the field value across the chart
  • adds the highlighted value to the search criteria

Question 23

Question
23.- Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.
Answer
  • inputlookup
  • lookup

Question 24

Question
24.- It is mandatory for the lookup file to have this for an automatic lookup to work.
Answer
  • Source type
  • At least five columns
  • Timestamp
  • Input field

Question 25

Question
25.- These users can create global knowledge objects. (Select all that apply.)
Answer
  • users
  • power users
  • administrators

Question 26

Question
26.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • sourcetype
  • index
  • source
  • host

Question 27

Question
27.- This is what Splunk uses to categorize the data that is being indexed.
Answer
  • Host
  • Sourcetype
  • Index
  • Source

Question 28

Question
28.- By default search results are not returned in ________ order.
Answer
  • Chronological
  • Reverser chronological
  • ASCIE
  • Alphabetical

Question 29

Question
29.- The stats command will create a _____________ by default.
Answer
  • Table
  • Report
  • Pie chart

Question 30

Question
30.- Which is not a comparison operator in Splunk?
Answer
  • <=
  • =
  • !=
  • >
  • ?=

Question 31

Question
31.- Which of the following is NOT a stats function:
Answer
  • sum
  • addtotals
  • count
  • avg

Question 32

Question
32.- If a search returns ____________ it can be viewed as a chart.
Answer
  • timestamps
  • statistics
  • events
  • keywords

Question 33

Question
33.- In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host
Answer
  • status
  • host
  • count

Question 34

Question
34.- The timechart command buckets data in time intervals depending on:
Answer
  • the number of events returned
  • the selected time range
  • the type of visualization selected

Question 35

Question
35.- Which of these search strings is NOT valid:
Answer
  • index=web status=50* | chart count over host, status
  • index=web status=50* | chart count over host by status
  • index=web status=5-* | chart count by host, status

Question 36

Question
36.- Which command is used to create choropleth maps?
Answer
  • geostats
  • cluster
  • geom

Question 37

Question
37.- Which of the following are valid options with the chart command?
Answer
  • useother
  • usenull
  • fillfield
  • usefiled

Question 38

Question
38.- The gauge command:
Answer
  • creates a single-value visualization
  • allows you to set colored ranges for a single-value visualization
  • creates a radial gauge visualization

Question 39

Question
39.- What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)
Answer
  • The average time elapsed during each transaction for all transactions
  • The average time for each event within each transaction
  • The average time between each transaction

Question 40

Question
40.- Which of these is NOT a field that is automatically created with the transaction command?
Answer
  • maxcount
  • duration
  • eventcount

Question 41

Question
41.- How many ways are there to access the Field Extractor Utility?
Answer
  • 3
  • 4
  • 1
  • 5

Question 42

Question
42.- When extracting fields, we may choose to use our own regular expressions
Answer
  • True
  • False

Question 43

Question
43.- Field aliases are used to __________ data
Answer
  • clean
  • transform
  • calculate
  • normalize

Question 44

Question
44.- What is the correct way to name a macro with two arguments?
Answer
  • us_sales2
  • us_sales(1,2)
  • us_sale,2
  • us_sales(2)

Question 45

Question
45.- When using a field value variable with a Workflow Action, which punctuation mark will escape the data?
Answer
  • *
  • !
  • ^
  • #

Question 46

Question
46.- __________ datasets can be added to root dataset to narrow down the search
Answer
  • parent
  • extracted
  • event
  • child

Question 47

Question
47.- Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?
Answer
  • maxpause
  • endswith
  • maxduration
  • maxspan

Question 48

Question
48.- The eval command 'if' function requires the following three arguments (in order):
Answer
  • Boolean expression, result if true, result if false
  • Result if true, result if false, boolean expression
  • Result if false, result if true, boolean expression
  • Boolean expression, result if false, result if true

Question 49

Question
49.- Which search would limit an "alert" tag to the "host" field?
Answer
  • tag=alert
  • host::tag::alert
  • tag==alert
  • tag::host=alert

Question 50

Question
50.- The transaction command allows you to __________ events across multiple sources
Answer
  • duplicate
  • correlate
  • persist
  • tag

Question 51

Question
51.- Which of the following commands are used when creating visualizations? (Select all that apply.)
Answer
  • Geom
  • Choropleth
  • Geostats
  • iplocation

Question 52

Question
52.- For choropleth maps, Splunk ships with the following KMZ files. (Select all that apply.)
Answer
  • States of the United States
  • States and provinces of the United States and Canada
  • Countries of the European Union
  • Countries of the World

Question 53

Question
53.- Complete the search, …. | _____ failure>successes
Answer
  • Search
  • Where
  • If
  • Any of the above

Question 54

Question
54.- These kinds of charts represent a series in a single bar with multiple sections
Answer
  • Multi-Series
  • Split-Series
  • Omit nulls
  • Stacked

Question 55

Question
55.- When using a split series on a chart, the series MUST be displayed using the STACKED option.
Answer
  • True
  • False

Question 56

Question
56.- Which of the following are valid options with the chart command? (Select all that apply.)
Answer
  • usenull=f
  • useother=f
  • split=t
  • transcation=t

Question 57

Question
57.- This role is required to install the CIM Add-on.
Answer
  • ADMIN
  • POWER
  • USER

Question 58

Question
58.- The Splunk CIM Add-on includes data models in a __________ format. Select your answer.
Answer
  • MySQL
  • XML
  • JSON

Question 59

Question
59.- These allow you to categorize events based on search terms. Select your answer.
Answer
  • Groups
  • Event Types
  • Macros
  • Tags

Question 60

Question
60.- In the Field Extractor Utility, this button will display events that do not contain extracted fields. Select your answer.
Answer
  • Selected-Fields
  • Non-Matches
  • Non-Extractions
  • Matches