Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Splunk
  5. SPLK-3002

Splunk SPLK-3002 Exam Questions
Splunk IT Service Intelligence Certified Admin (Page 3 )

Updated On: 16-Feb-2026
Page 3 of 19
PDF with 98 Questions

Which of the following is a best practice when configuring maintenance windows?

  1. Disable any glass tables that reference a KPI that is part of an open maintenance window.
  2. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
  3. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
  4. Change the color of services and entities that are part of an open maintenance window in the service analyzer.

Answer(s): C

Explanation:

It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW A maintenance window is a period of time when a service or entity is undergoing maintenance operations or does not require active monitoring. It is a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. For example, if a server will be shut down for maintenance at 1:00PM and restarted at 5:00PM, the ideal maintenance window is 12:30PM to 5:30PM. The 15- to 30-minute time buffer is a rough estimate based on 15 minutes being the time period over which most KPIs are configured to search data and identify alert triggers.


Overview of maintenance windows in ITSI



In Episode Review, what is the result of clicking an episode's Acknowledge button?

  1. Assign the current user as owner.
  2. Change status from New to Acknowledged.
  3. Change status from New to In Progress and assign the current user as owner.
  4. Change status from New to Acknowledged and assign the current user as owner.

Answer(s): D

Explanation:

When an episode warrants investigation, the analyst acknowledges the episode, which moves the status from New to In Progress.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/EpisodeOverview An episode represents a disruption of service operation causing impact to business operations. It is a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation. In Episode Review, you can manage the episodes and their statuses using various actions. One of the actions is Acknowledge, which changes the status of an episode from New to Acknowledged and assigns the current user as the owner. This action indicates that someone is working on resolving the episode and prevents duplicate efforts from other users.


Overview of Episode Review in ITSI, [Episode actions in Episode Review]



Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

  1. Service templates.
  2. Service dependencies.
  3. Ad-hoc search.
  4. Service swapping.

Answer(s): D


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/Visualizations#collapseDesktop8 A glass table is a visualization tool that allows you to monitor the interrelationships and dependencies across your IT and business services. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. One of the features of glass tables is service swapping, which enables you to toggle displaying KPI values from more than one service on a single widget. You can use service swapping to compare metrics across different services without creating multiple glass tables or widgets.


Overview of the glass table editor in ITSI, [Configure service swapping on glass tables]



Which of the following is a characteristic of base searches?

  1. Search expression, entity splitting rules, and thresholds are configured at the base search level.
  2. It is possible to filter to entities assigned to the service for calculating the metrics for the service's KPIs.
  3. The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
  4. The base search will execute whether or not a KPI needs it.

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch A base search is a search definition that can be shared across multiple KPIs that use the same data source. Base searches can improve search performance and reduce search load by consolidating multiple similar KPIs. One of the characteristics of base searches is that it is possible to filter to entities assigned to the service for calculating the metrics for the service's KPIs. This means that you can use entity filtering rules to specify which entities are relevant for each KPI based on the base search results.


Create KPI base searches in ITSI, [Filter entities for KPIs based on base searches]



What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)

  1. Creating glass tables.
  2. Correlation search creation.
  3. Service swapping configuration.
  4. Adding KPI metric lanes to glass tables.

Answer(s): A,C,D

Explanation:

Create a glass table to visualize and monitor the interrelationships and dependencies across your IT and business services.
The service swapping settings are saved and apply the next time you open the glass table. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. Glass tables show real-time data generated by KPIs and services.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview

The glass table editor is a tool that allows you to create and edit glass tables in ITSI. Some of the capabilities of the glass table editor are:
Creating glass tables from scratch or from existing templates. Configuring service swapping on widgets to toggle displaying metrics from different services. Adding KPI metric lanes to glass tables to show historical trends of KPI values. The glass table editor does not support correlation search creation, which is a separate feature in ITSI that allows you to create searches that look for relationships between data points and generate notable events.

Overview of the glass table editor in ITSI, [Configure service swapping on glass tables], [Add KPI metric lanes to glass tables], [Overview of correlation searches in ITSI]






Post your Comments and Discuss Splunk SPLK-3002 exam dumps with other Community members:

Join the SPLK-3002 Discussion