CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Splunk®
  5. SPLK-3002

Free SPLK-3002 Exam Braindumps (page: 4)

Page 3 of 14
PDF with 90 Questions

Which of the following is a characteristic of base searches?

  1. Search expression, entity splitting rules, and thresholds are configured at the base search level.
  2. It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
  3. The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
  4. The base search will execute whether or not a KPI needs it.

Answer(s): B


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch



What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)

  1. Creating glass tables.
  2. Correlation search creation.
  3. Service swapping configuration.
  4. Adding KPI metric lanes to glass tables.

Answer(s): A,C,D

Explanation:

Create a glass table to visualize and monitor the interrelationships and dependencies across your IT and business services. The service swapping settings are saved and apply the next time you open the glass table.

You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. Glass tables show real-time data generated by KPIs and services.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview
https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/ServiceSwap



Which of the following is the best use case for configuring a Multi-KPI Alert?

  1. Comparing content between two notable events.
  2. Using machine learning to evaluate when data falls outside of an expected pattern.
  3. Comparing anomaly detection between two KPIs.
  4. Raising an alert when one or more KPIs indicate an outage is occurring.

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA



In distributed search, which components need to be installed on instances other than the search head?

  1. SA-IndexCreation and SA-ITSI-Licensechecker on indexers.
  2. SA-IndexCreation and SA-ITOA on indexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
  3. SA-IndexCreation on idexers; SA-ITSI-Licensechecker and SA-UserAccess on the license master.
  4. SA-ITSI-Licensechecker on indexers.

Answer(s): A

Explanation:

SA-IndexCreation is required on all indexers. For non-clustered, distributed environments, copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on individual indexers.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallDD






Post your Comments and Discuss Splunk® SPLK-3002 exam with other Community members:

SPLK-3002 Discussions & Posts