SPLK-3002 Practice Questions

A.  

stats

B.  

tstats

C.  

fieldsummary

D.  

eval

A.  

KPI threshold breaches.

B.  

KPI anomaly detection.

C.  

Multi-KPI alert.

D.  

Correlation search.

A.  

Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address.

B.  

An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.

C.  

Multiple entities can share the same alias value, but must have different role values.

D.  

To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.

A.  

Plan and implement services first, then build detailed glass tables.

B.  

Always use the standard icons for glass table widgets to improve portability.

C.  

Start with base searches, then services, and then glass tables.

D.  

Design glass tables first to discover which KPIs are important.

A.  

If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.

B.  

If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.

C.  

If this value is set to 0, the scheduler may skip scheduled execution periods.

D.  

If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.

A.  

Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.

B.  

Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.

C.  

Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.

D.  

Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

A.  

Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.

B.  

A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C.  

Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D.  

There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

A.  

Ping a host.

B.  

Send email.

C.  

Include in RSS feed.

D.  

Run a script.

A.  

Correlation searches.

B.  

Multi-KPI alerts.

C.  

notable_event_grouping.conf

D.  

Aggregation policies.

A.  

Use | stats functions in custom fields to prepare the data for KPI calculations.

B.  

Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.

C.  

Make sure that all fields conform to CIM, then use the corresponding module to import related services.

D.  

Plan to build as many data models as possible for ITSI to leverage