After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?
Answer(s): A
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections
Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?
Answer(s): B
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA
A best practice for identifying the most effective services with which to start an iterative ITSI deployment is to analyze the business to determine the most critical services that have the most impact on revenue, customer satisfaction, or other key performance indicators. You can use the Service Analyzer to prioritize and monitor these services.
Service Analyzer
When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?
When creating a custom deep dive, services or KPIs that are in maintenance mode are shown in gray in the topology view. This indicates that they are not actively monitored and do not generate alerts or notable events.
Deep Dives
Which deep dive swim lane type does not require writing SPL?
Answer(s): D
A KPI lane is a type of deep dive swim lane that does not require writing SPL. You can simply select a service and a KPI from a drop-down list and ITSI will automatically populate the lane with the corresponding data. You can also adjust the threshold settings and time range for the KPI lane.
[KPI Lanes]
Which of the following items apply to anomaly detection? (Choose all that apply.)
Answer(s): B,C
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD
Anomaly detection is a feature of ITSI that uses machine learning to detect when KPI data deviates from a normal pattern. The following items apply to anomaly detection:
B) A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis. This ensures that there is enough data to establish a baseline pattern and compare different entities within a service.
C) Anomaly detection automatically generates notable events when KPI data diverges from the pattern. You can configure the sensitivity and severity of the anomaly detection alerts and assign them to episodes or teams.
[Anomaly Detection]
Which of the following is a best practice when configuring maintenance windows?
Answer(s): C
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW
A maintenance window is a period of time when a service or entity is undergoing maintenance operations or does not require active monitoring. It is a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. For example, if a server will be shut down for maintenance at 1:00PM and restarted at 5:00PM, the ideal maintenance window is 12:30PM to 5:30PM. The 15- to 30-minute time buffer is a rough estimate based on 15 minutes being the time period over which most KPIs are configured to search data and identify alert triggers.
Overview of maintenance windows in ITSI
In Episode Review, what is the result of clicking an episode's Acknowledge button?
When an episode warrants investigation, the analyst acknowledges the episode, which moves the status from New to In Progress.
https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/EpisodeOverview
An episode represents a disruption of service operation causing impact to business operations. It is a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation. In Episode Review, you can manage the episodes and their statuses using various actions. One of the actions is Acknowledge, which changes the status of an episode from New to Acknowledged and assigns the current user as the owner. This action indicates that someone is working on resolving the episode and prevents duplicate efforts from other users.
Overview of Episode Review in ITSI, [Episode actions in Episode Review]
Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/Visualizations#collapseDesktop8
A glass table is a visualization tool that allows you to monitor the interrelationships and dependencies across your IT and business services. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. One of the features of glass tables is service swapping, which enables you to toggle displaying KPI values from more than one service on a single widget. You can use service swapping to compare metrics across different services without creating multiple glass tables or widgets.
Overview of the glass table editor in ITSI, [Configure service swapping on glass tables]