Three main roles in splunk? (3) - answer-Admin, Power, User
An admin does what? - answer-Install apps, create knowledge objects for all users (what apps a user will see by default)
A power user does what? - answer-Creates and shares knowledge objects for users of app, real-time searches
A ...
END OF SEMESTER FINAL EXAM SPLUNK
FUNDAMENTALS
Three main roles in splunk? (3) - answer-Admin, Power, User
An admin does what? - answer-Install apps, create knowledge objects for all
users (what apps a user will see by default)
A power user does what? - answer-Creates and shares knowledge objects for
users of app, real-time searches
A Splunk user does what? - answer-Only see own knowledge objects and
those shared to them.
Apps in Splunk? - answer-1. Pre-built dashboards, reports, alerts and
workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk? - answer-Creates
knowledge objects, reports, and dashboards
The seven main components in splunk searching and reporting? - answer-1.
Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
What does the time range picker do? - answer-Allow search by preset times,
relative times. Real time (earliest, latest), date range. Retrieve events over a
specific time period.
Limiting search by ___________ is key to faster results and is a best practice -
answer-time
The time range picker is set to _________ by default. - answer-All-time
Search jobs are available after ____ minutes by default. - answer-10
________ commands create statistics and visualizations. - answer-
Transforming
, ________ tab is default tab for searches - answer-Event
What are the three main search modes? - answer-Fast, Verbose, and Smart
_______ mode discovery off for event searches. No event or field data for
stats searches. - answer-Fast
______ mode all events and field data; switches to this mode after
visualization - answer-Verbose
______ mode (default-based on search string data). Field discovery ON for
event searches. No event or field data for stats searches. - answer-Smart
This search action button "Job V" does what? - answer-Edit job settings, send
job to background, inspect and delete job.
Saved searches are set to ______ by default. - answer-private
Timestamp seen in events is based on______setting in user account profile -
answer-time zone
List the three booleans - answer-AND OR NOT
________boolean is used if none is implied. - answer-AND
Exact phrases use______ - answer-quotes
Use a _______ for searching a string with quotes in the string. - answer-
Backslash
Example: info="user "chrisV4" not in database" info="user\"chrisV4\" not in
database "
Three default search fields automatically selected? - answer-Source, Host,
Sourcetype
_______ sidebar shows all field extracted at search time. - answer-Fields
_______ fields have values in at least 20% of the events - answer-Interesting
Clicking on a field shows a list of _______, ________, and ________. - answer-
values, count, and percentage
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TOPDOCTOR. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.99. You're not tied to anything after your purchase.
