Splunk Certification Exam 2023 Guide Complete
5 Main components of Splunk ES
Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze.
What does index data do? (3)
1. Collects data
2. Label data with source type
3. Stored in splunk index
Three main roles in splunk...
splunk certification exam 2023 guide complete 5 main components of splunk es index data
search amp investigate
monitor amp alert
report amp analyze what does index data do
Written for
Splunk
All documents for this subject (359)
Seller
Follow
LECTMAGGY
Reviews received
Content preview
Splunk Certification Exam 2023 Guide Complete
5 Main components of Splunk ES
Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze.
What does index data do? (3)
1. Collects data
2. Label data with source type
3. Stored in splunk index
Three main roles in splunk? (3)
Admin, Power, User
An admin does what?
Install apps, create knowledge objects for all users (what apps a user will see by
default)
A power user does what?
Creates and shares knowledge objects for users of app, real-time searches
A Splunk user does what?
Only see own knowledge objects and those shared to them.
Apps in Splunk?
1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk?
Creates knowledge objects, reports, and dashboards
The seven main components in splunk searching and reporting?
1. Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
What does the time range picker do?
Allow search by preset times, relative times. Real time (earliest, latest), date range.
Retrieve events over a specific time period.
Limiting search by ___________ is key to faster results and is a best practice
time
The time range picker is set to _________ by default.
All-time
Search jobs are available after ____ minutes by default.
10
________ commands create statistics and visualizations.
Transforming
________ tab is default tab for searches
Event
What are the three main search modes?
Fast, Verbose, and Smart
, _______ mode discovery off for event searches. No event or field data for stats
searches.
Fast
______ mode all events and field data; switches to this mode after visualization
Verbose
______ mode (default-based on search string data). Field discovery ON for event
searches. No event or field data for stats searches.
Smart
This search action button "Job V" does what?
Edit job settings, send job to background, inspect and delete job.
Saved searches are set to ______ by default.
private
Timestamp seen in events is based on______setting in user account profile
time zone
List the three booleans
AND OR NOT
________boolean is used if none is implied.
AND
Exact phrases use______
quotes
Use a _______ for searching a string with quotes in the string.
Backslash
Example: info="user "chrisV4" not in database" info="user\"chrisV4\" not in database "
Three default search fields automatically selected?
Source, Host, Sourcetype
_______ sidebar shows all field extracted at search time.
Fields
_______ Fields appear in event, default-host, sourcetype, source
Selected
_______ fields have values in at least 20% of the events
Interesting
Clicking on a field shows a list of _______, ________, and ________.
values, count, and percentage
These fields can launch a quick report by clicking on them (4)
top values, top values by time, rare values, events with this field
Use ______ to limit search to only one sourcetype
sourcetype=
Field names _____ case sensitive- Values _______ case sensitive
are, are not
The field operators are used with numerical string values (symbols)
= != -->
These symbols are only used with numerical values?
> >= < <= -->
Using _____ and ____ (symbols) would return the same results.
NOT, !=
Use _______ to nest boolean searches
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LECTMAGGY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.