Splunk SPLK-3002 Exam Questions
Splunk IT Service Intelligence Certified Admin (Page 2)

Updated On: 16-Feb-2026

After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

  1. 6 months.
  2. 9 months.
  3. 1 year.
  4. 3 months.

Answer(s): A

Explanation:

By default, notable event metadata is archived after six months to keep the KV store from growing too large.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections



Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

  1. Only include KPIs if they will be used in multiple services.
  2. Analyze the business to determine the most critical services.
  3. Focus on low-level services.
  4. Define a large number of key services early.

Answer(s): B


Explanation:

A best practice for identifying the most effective services with which to start an iterative ITSI deployment is to analyze the business to determine the most critical services that have the most impact on revenue, customer satisfaction, or other key performance indicators. You can use the Service Analyzer to prioritize and monitor these services.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA

Service Analyzer



When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

  1. Gray
  2. Purple
  3. Gear Icon
  4. Blue

Answer(s): A

Explanation:

When creating a custom deep dive, services or KPIs that are in maintenance mode are shown in gray in the topology view. This indicates that they are not actively monitored and do not generate alerts or notable events.


Reference:

Deep Dives



Which deep dive swim lane type does not require writing SPL?

  1. Event lane.
  2. Automatic lane.
  3. Metric lane.
  4. KPI lane.

Answer(s): D

Explanation:

A KPI lane is a type of deep dive swim lane that does not require writing SPL. You can simply select a service and a KPI from a drop-down list and ITSI will automatically populate the lane with the corresponding data. You can also adjust the threshold settings and time range for the KPI lane.


Reference:

[KPI Lanes]



Which of the following items apply to anomaly detection? (Choose all that apply.)

  1. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
  2. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
  3. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
  4. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Answer(s): B,C


Explanation:

Anomaly detection is a feature of ITSI that uses machine learning to detect when KPI data deviates from a normal pattern. The following items apply to anomaly detection:

B) A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis. This ensures that there is enough data to establish a baseline pattern and compare different entities within a service.

C) Anomaly detection automatically generates notable events when KPI data diverges from the pattern. You can configure the sensitivity and severity of the anomaly detection alerts and assign them to episodes or teams.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD


[Anomaly Detection]





