Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-3002

Free Splunk® SPLK-3002 Exam Braindumps (page: 3)

98.6% Passing Rate DOWNLOAD PDF EXAM
90 Questions & Answers
Page 2 of 13

After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

  1. 6 months.
  2. 9 months.
  3. 1 year.
  4. 3 months.

Answer(s): A

Explanation:

By default, notable event metadata is archived after six months to keep the KV store from growing too large.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections



Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

  1. Only include KPIs if they will be used in multiple services.
  2. Analyze the business to determine the most critical services.
  3. Focus on low-level services.
  4. Define a large number of key services early.

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA A best practice for identifying the most effective services with which to start an iterative ITSI deployment is to analyze the business to determine the most critical services that have the most impact on revenue, customer satisfaction, or other key performance indicators. You can use the Service Analyzer to prioritize and monitor these services.

Service Analyzer



When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

  1. Gray
  2. Purple
  3. Gear Icon
  4. Blue

Answer(s): A

Explanation:

When creating a custom deep dive, services or KPIs that are in maintenance mode are shown in gray color in the topology view. This indicates that they are not actively monitored and do not generate alerts or notable events.


Reference:

Deep Dives



Which deep dive swim lane type does not require writing SPL?

  1. Event lane.
  2. Automatic lane.
  3. Metric lane.
  4. KPI lane.

Answer(s): D

Explanation:

A KPI lane is a type of deep dive swim lane that does not require writing SPL. You can simply select a service and a KPI from a drop-down list and ITSI will automatically populate the lane with the corresponding data. You can also adjust the threshold settings and time range for the KPI lane.


Reference:

[KPI Lanes]



Which of the following items apply to anomaly detection? (Choose all that apply.)

  1. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it's magic.
  2. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
  3. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
  4. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Answer(s): B,C


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD Anomaly detection is a feature of ITSI that uses machine learning to detect when KPI data deviates from a normal pattern. The following items apply to anomaly detection:
B) A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis. This ensures that there is enough data to establish a baseline pattern and compare different entities within a service.
C) Anomaly detection automatically generates notable events when KPI data diverges from the pattern. You can configure the sensitivity and severity of the anomaly detection alerts and assign them to episodes or teams.


[Anomaly Detection]



Which of the following is a best practice when configuring maintenance windows?

  1. Disable any glass tables that reference a KPI that is part of an open maintenance window.
  2. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
  3. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
  4. Change the color of services and entities that are part of an open maintenance window in the service analyzer.

Answer(s): C

Explanation:

It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW A maintenance window is a period of time when a service or entity is undergoing maintenance operations or does not require active monitoring. It is a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. For example, if a server will be shut down for maintenance at 1:00PM and restarted at 5:00PM, the ideal maintenance window is 12:30PM to 5:30PM. The 15- to 30-minute time buffer is a rough estimate based on 15 minutes being the time period over which most KPIs are configured to search data and identify alert triggers.


Overview of maintenance windows in ITSI



In Episode Review, what is the result of clicking an episode's Acknowledge button?

  1. Assign the current user as owner.
  2. Change status from New to Acknowledged.
  3. Change status from New to In Progress and assign the current user as owner.
  4. Change status from New to Acknowledged and assign the current user as owner.

Answer(s): D

Explanation:

When an episode warrants investigation, the analyst acknowledges the episode, which moves the status from New to In Progress.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/EpisodeOverview An episode represents a disruption of service operation causing impact to business operations. It is a deduplicated group of notable events occurring as part of a larger sequence, or an incident or period considered in isolation. In Episode Review, you can manage the episodes and their statuses using various actions. One of the actions is Acknowledge, which changes the status of an episode from New to Acknowledged and assigns the current user as the owner. This action indicates that someone is working on resolving the episode and prevents duplicate efforts from other users.


Overview of Episode Review in ITSI, [Episode actions in Episode Review]



Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

  1. Service templates.
  2. Service dependencies.
  3. Ad-hoc search.
  4. Service swapping.

Answer(s): D


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/Visualizations#collapseDesktop8 A glass table is a visualization tool that allows you to monitor the interrelationships and dependencies across your IT and business services. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. One of the features of glass tables is service swapping, which enables you to toggle displaying KPI values from more than one service on a single widget. You can use service swapping to compare metrics across different services without creating multiple glass tables or widgets.


Overview of the glass table editor in ITSI, [Configure service swapping on glass tables]






Post your Comments and Discuss Splunk® SPLK-3002 exam prep with other Community members:

SPLK-3002 Exam Discussions & Posts