Free Demo Questions

Test Online Free Splunk SPLK-3002 Exam Questions and Answers

Practice a live sample before buying full access. This page keeps the free SPLK-3002 question set organized by page so visitors and search engines can reach the canonical -questions.html URL directly.

Updated May 20, 2024 12 Questions 1 Pages

Get SPLK-3002 Full Access

Question 1 Selectable Answer

After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

A. 6 months.
B. 9 months.
C. 1 year.
D. 3 months.

Answer:
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections

Question 2 Selectable Answer

In maintenance mode, which features of KPIs still function?

A. KPI searches will execute but will be buffered until the maintenance window is over.
B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C. New KPIs can be created, but existing KPIs are locked.
D. KPI calculations and threshold settings can be modified.

Answer:
Explanation:
It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW

Question 3 Selectable Answer

Which of the following describes entities? (Choose all that apply.)

A. Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or mac address.
B. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.
C. Multiple entities can share the same alias value, but must have different role values.
D. To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/KPIfilter

Question 4 Selectable Answer

Which of the following is a characteristic of base searches?

A. Search expression, entity splitting rules, and thresholds are configured at the base search level.
B. It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
C. The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
D. The base search will execute whether or not a KPI needs it.

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/BaseSearch

Question 5 Selectable Answer

What is the main purpose of the service analyzer?

A. Display a list of All Services and Entities.
B. Trigger external alerts based on threshold violations.
C. Allow Analysts to add comments to Alerts.
D. Monitor overall Service and KPI status.

Answer:

Question 6 Selectable Answer

Which of the following is a recommended best practice for service and glass table design?

A. Plan and implement services first, then build detailed glass tables.
B. Always use the standard icons for glass table widgets to improve portability.
C. Start with base searches, then services, and then glass tables.
D. Design glass tables first to discover which KPIs are important.

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview

Question 7 Selectable Answer

Anomaly detection can be enabled on which one of the following?

A. KPI
B. Multi-KPI alert
C. Entity
D. Service

Answer:
Explanation:
Enable anomaly detection to identify trends and outliers in KPI search results that might indicate an issue with your system.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD

Question 8 Selectable Answer

Which of the following items apply to anomaly detection? (Choose all that apply.)

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.
B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD

Question 9 Selectable Answer

Which of the following describes a way to delete multiple duplicate entities in ITSI?

A. Via c CSV upload.
B. Via the entity lister page.
C. Via a search using the | deleteentity command.
D. All of the above.

Answer:
Explanation:
Import entities from CSV files that contain one or more entity definitions. Importing entities from CSV files is an efficient way to define multiple entities.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Entity/ImportCSV

Question 10 Selectable Answer

Which of the following is a valid type of Multi-KPI Alert?

A. Score over composite.
B. Value over time.
C. Status over time.
D. Rise over run.

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA

Question 11 Selectable Answer

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
C. kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.
D. ITSI backups are stored as a collection of JSON formatted files.

Answer:
Explanation:
ITSI provides a kvstore_to_json.py script that lets you backup/restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules.
When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file.
Reference:
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/kvstorejson
https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/BackupandRestoreITSIconfi g

Question 12 Selectable Answer

Within a correlation search, dynamic field values can be specified with what syntax?

A. fieldname
B. <fieldname /fieldname>
C. %fieldname%
D. eval(fieldname)

Answer:
Explanation:
Reference: https://docs.splunk.com/Documentation/Splunk/8.2.2/Search/Searchindexes

Current Exam

SPLK-3002

Splunk
Splunk IT Service Intelligence Certified Admin Exam

View Full SPLK-3002 Package