Splunk
SPLK-3002
Q1:
Which of the following is a characteristic of notable event groups?
A. Notable event groups combine independent notable events.
B. Notable event groups are created in the itsi_tracked_alerts index.
C. Notable event groups allow users to adjust threshold settings.
D. All of the above.
Q2:
How should entities be handled during the data audit phase of requirements gathering?
A. Entity meta-data for info and aliases should be identified and recorded as requirements.
B. Entities should be noted based upon Service KPI requirements such as 'by host' or 'by product line'.
C. Entities must be identified for every Service KPI defined and recorded in requirements.
D. Entities identified should be included in the entity filtering requirements, such as 'by processId' or 'by host'.
Q3:
Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)
A. Memory KPI in a glass table.
B. Memory panel of the OS Host Details view in the Operating System module.
C. Memory swim lane in a Deep Dive.
D. Service & KPI tiles in the Service Analyzer.
Q4:
Which of the following is a recommended best practice for ITSI installation?
A. ITSI should not be installed on search heads that have Enterprise Security installed.
B. Before installing ITSI, make sure the Common Information Model (CIM) is installed.
C. Install the Machine Learning Toolkit app if anomaly detection must be configured.
D. Install ITSI on one search head in a search head cluster and migrate the configuration bundle to other search heads.
Q5:
Which of the following is part of setting up a new aggregation policy?
A. Filtering criteria
B. Policy version
C. Review order
D. Module rules