This is a timed quiz.
You have 30 minutes to complete the 60 questions in this quiz.
1.- Using the export function, you can export search results as __________. (Select all that apply.)
XML
JSON
HTML
A PHP file
2.- The fields sidebar does not show ________. (Select all that apply.)
interesting fields
selected fields
all extracted fields
3.- Splunk alerts can be based on searches that run ______. (Select all that apply.)
in real-time
on a regular schedule
and have no matching events
4.- Alert throttling is used to _______.
verify each alert
stagger search requests in a time-sequenced order
stop spamming yourself with alerts
check severity
5.- A real-time alert is ______________.
A scheduled alert
constantly running in the background
6.- This tab shows you the event patterns in the results of a specific search.
statistics
visualization
patterns
7.- Which of the following about reports is/are true?
Reports are knowledge objects.
Reports can be scheduled.
Reports can run a script.
All of the above.
8.- Select this in the fields sidebar to automatically pipe your search results to the rare command.
events with this field
rare values
top values by time
top values
9.- A report scheduled to run every 15 mins. but takes 17 mins. to complete is in danger of being _____.
skipped or deferred
automatically accelerated
deleted
all of the above
10.- Which of the following are valid options to speed up reports? (Select all that apply.)
Edit permissions
Edit description
Edit acceleration
Edit schedule
11.- Which of the following statements are true for this search? (Select all that apply.) SEARCH: sourcetype=access* | fields action productId status
is looking for all events that include the search terms: fields AND action AND productId AND status
uses the table command to improve performance
limits the fields that are extracted
returns a table with 3 columns
12.- Use the dedup command to _____.
Rename a field in the index
remove duplicate values
Provide an additional alias for the field that can be used in the search criteria
13.- We can use the rename command to _____. (Select all that apply.)
Change indexed fields
Exclude fields from our search results
Extract new fields from our data using regular expressions
Give a field a new name at search time
14.- The limit attribute will ___________.
override default of 10
only work with top command
override default of 20
override default of 15
15.- This function of the stats command allows you to identify the number of values a field has.
max
distinct_count
fields
count
16.- This function of the stats command allows you to return the sample standard deviation of a field.
stdev
dev
count deviation
by standarddev
17.- Which of the following commands will show the maximum bytes?
sourcetype=access_* | maximum totals by bytes
sourcetype=access_* | avg (bytes)
sourcetype=access_* | stats max(bytes)
sourcetype=access_* | max(bytes)
18.- Which of the following searches will show the number of categoryId used by each host?
sourcetype=access_* | sum bytes by host
sourcetype=access_* | stats sum(categoryId) by host
sourcetype=access_* | sum(bytes) by host
sourcetype=access_* | stats sum by host
19.- sourcetype=access_* | stats sum by host
Rex
As
List
By
20.- This function of the stats command allows you to return the middle-most value of field X.
Median(X)
Eval by X
Fields(X)
Values(X)
21.- When a search returns __________, you can view the results as a list.
a list of events
transactions
statistical values
22.- Clicking a SEGMENT on a chart, ________.
drills down for that value
highlights the field value across the chart
adds the highlighted value to the search criteria
23.- Use this command to use lookup fields in a search and see the lookup fields in the field sidebar.
inputlookup
lookup
24.- It is mandatory for the lookup file to have this for an automatic lookup to work.
Source type
At least five columns
Timestamp
Input field
25.- These users can create global knowledge objects. (Select all that apply.)
users
power users
administrators
26.- This is what Splunk uses to categorize the data that is being indexed.
sourcetype
index
source
host
27.- This is what Splunk uses to categorize the data that is being indexed.
Host
Sourcetype
Index
Source
28.- By default search results are not returned in ________ order.
Chronological
Reverse chronological
ASCII
Alphabetical
29.- The stats command will create a _____________ by default.
Table
Report
Pie chart
30.- Which is not a comparison operator in Splunk?
<=
=
!=
>
?=
31.- Which of the following is NOT a stats function:
sum
addtotals
avg
32.- If a search returns ____________ it can be viewed as a chart.
timestamps
events
keywords
33.- In this search, __________ will appear on the y-axis. SEARCH: sourcetype=access_combined status!=200 | chart count over host
status
34.- The timechart command buckets data in time intervals depending on:
the number of events returned
the selected time range
the type of visualization selected
35.- Which of these search strings is NOT valid:
index=web status=50* | chart count over host, status
index=web status=50* | chart count over host by status
index=web status=5-* | chart count by host, status
36.- Which command is used to create choropleth maps?
geostats
cluster
geom
37.- Which of the following are valid options with the chart command?
useother
usenull
fillfield
usefiled
38.- The gauge command:
creates a single-value visualization
allows you to set colored ranges for a single-value visualization
creates a radial gauge visualization
39.- What will you learn from the results of the following search? sourcetype=cisco_esa | transaction mid, dcid, icid | timechart avg(duration)
The average time elapsed during each transaction for all transactions
The average time for each event within each transaction
The average time between each transaction
40.- Which of these is NOT a field that is automatically created with the transaction command?
maxcount
duration
eventcount
41.- How many ways are there to access the Field Extractor Utility?
3
4
1
5
42.- When extracting fields, we may choose to use our own regular expressions.
True
False
43.- Field aliases are used to __________ data.
clean
transform
calculate
normalize
44.- What is the correct way to name a macro with two arguments?
us_sales2
us_sales(1,2)
us_sale,2
us_sales(2)
45.- When using a field value variable with a Workflow Action, which punctuation mark will escape the data?
*
!
^
#
46.- __________ datasets can be added to a root dataset to narrow down the search.
parent
extracted
event
child
47.- Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?
maxpause
endswith
maxduration
maxspan
48.- The eval command 'if' function requires the following three arguments (in order):
Boolean expression, result if true, result if false
Result if true, result if false, boolean expression
Result if false, result if true, boolean expression
Boolean expression, result if false, result if true
49.- Which search would limit an "alert" tag to the "host" field?
tag=alert
host::tag::alert
tag==alert
tag::host=alert
50.- The transaction command allows you to __________ events across multiple sources
duplicate
correlate
persist
tag
51.- Which of the following commands are used when creating visualizations? (Select all that apply.)
Geom
Choropleth
Geostats
iplocation
52.- For choropleth maps, Splunk ships with the following KMZ files. (Select all that apply.)
States of the United States
States and provinces of the United States and Canada
Countries of the European Union
Countries of the World
53.- Complete the search, …. | _____ failure>successes
Search
Where
If
Any of the above
54.- These kinds of charts represent a series in a single bar with multiple sections.
Multi-Series
Split-Series
Omit nulls
Stacked
55.- When using a split series on a chart, the series MUST be displayed using the STACKED option.
56.- Which of the following are valid options with the chart command? (Select all that apply.)
usenull=f
useother=f
split=t
transcation=t
57.- This role is required to install the CIM Add-on.
ADMIN
POWER
USER
58.- The Splunk CIM Add-on includes data models in a __________ format. Select your answer.
MySQL
XML
JSON
59.- These allow you to categorize events based on search terms. Select your answer.
Groups
Event Types
Macros
Tags
60.- In the Field Extractor Utility, this button will display events that do not contain extracted fields. Select your answer.
Selected-Fields
Non-Matches
Non-Extractions
Matches