SPLUNK

5 Main components of Splunk ES correct answer: Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. What does index data do? (3) correct answer: 1. Collects data 2. Label data with source type 3. Stored in splunk index Three main roles in splunk? (3) correct answer: Admin, Power, User An admin does what? correct answer: Install apps, create knowledge objects for all users (what apps a user will see by default) A power user does what? correct answ...

Having separate indexes allows: Select all that apply. Faster Searches. Ability to limit access. Multiple retention policies correct answer: Faster Searches. Ability to limit access. Multiple retention policies Machine data is only generated by web servers. False True correct answer: False Machine data makes up for more than ___% of the data accumulated by organizations. 50 90 10 25 correct answer: 90 Machine data is only generated by web servers. ...

Which search will return the same events as the search in the searchbar? password failed correct answer: password AND failed What is the most efficient way to filter events in Splunk? correct answer: By time. Which is not a comparison operator in Splunk? correct answer: ?= How is the asterisk used in Splunk search? correct answer: As a wildcard As general practice, inclusion is better than exclusion in a Splunk search. correct answer: True Field names are _________. correc...

What are the different components of Splunk? (1.1 Splunk components) correct answer: Indexer, Search Head, Forwarder Function of an Indexer (1.1 Splunk components) correct answer: process incoming data + process search requests from search head Function of a Search Head (1.1 Splunk components) correct answer: use SPL to search + receive results of search Function of a Forwarder (1.1 Splunk components) correct answer: supplies data for indexing Which component does the pro...

Field values are case sensitive. correct answer: false How is the asterisk used in Splunk search? correct answer: as a wildcard How many results are shown by default when using a Top or Rare Command? correct answer: 10 These are booleans in the Splunk Search Language. correct answer: NOT; AND; OR Which is not a comparison operator in Splunk? correct answer: ?= Which command removes results with duplicate field values? correct answer: dedup Warm buckets in Splunk indexes a...

Workflow Actions can only be applied to a single field. Select your answer. FALSE TRUE correct answer: FALSE This Workflow Action type sends field values to external resources. Select your answer. POST Search GET correct answer: POST When using a field value variable with a Workflow Action, which punctuation mark will escape the data? Select your answer. * ! # ^ correct answer: ! Required fields in a data model: Select your answer. constrains the ...

Machine data is only generated by web servers. correct answer: False Machine data is always structured. correct answer: False Machine data makes up for more than ___% of the data accumulated by organizations. correct answer: 90 In most Splunk deployments, ________ serve as the primary way data is supplied for indexing. correct answer: Forwarders What are the three main processing components of Splunk? correct answer: Forwarders, Indexers, Search Heads Which of these is not a ...