SPLUNK

5 Main components of Splunk Enterprise correct answer: Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. - Module 1 Three main roles in splunk? (3) correct answer: Admin, Power, User - Module 1 What role can Install apps, create knowledge objects for all users, and can control what apps a user will see by default correct answer: Admin What role can creates and share knowledge objects for users of app, and create real-time searches correct...

Creating Searches and Saving Results: Selected fields are displayed ______each event in the search results. a) below b) interesting fields c) other fields d) above correct answer: a) below Creating Searches and Saving Results: Search terms are not case sensitive. a) True b) False correct answer: a) True Creating Searches and Saving Results: These two searches will NOT return the same results. SEARCH 1:login failure SEARCH 2: "login failure". a) True b) False correct answer: ...

"Table" command correct answer: returns table containing only specified fields in the result set "rename" command correct answer: renames a field in results "fields" command correct answer: includes or excludes specified fields "dedup" command correct answer: removes duplicates from results "sort" command correct answer: sorts results by specified field "lookup" command correct answer: adds field values from external source T/F: Boolean are case sensitive? cor...

M1: What is machine data ? correct answer: Data generated by machines, computer processing, application and sensor data etc... M1: Where machine data comes from ? correct answer: Computers, network devices, sensors, phones, cars etc... M1: Is machine data always structured ? correct answer: No M1: How much percent machine data is accumulated by organizations ? correct answer: 90% M1: How Splunk process the unstructured machine data ? correct answer: By adding it to a intelligent...

5 Main components of Splunk ES correct answer: Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. What does index data do? (3) correct answer: 1. Collects data 2. Label data with source type 3. Stored in splunk index Three main roles in splunk? (3) correct answer: Admin, Power, User An admin does what? correct answer: Install apps, create knowledge objects for all users (what apps a user will see by default) A power user does what? correct answ...

T/F: Machine data is always structured. correct answer: False. Machine data can be structured or unstructured. Machine data makes up for more than ___% of the data accumulated by organizations. correct answer: 90 T/F: Machine data is only generated by web servers. correct answer: False Search requests are processed by the ___________. correct answer: Indexers Search strings are sent from the _________. correct answer: Search Head In most Splunk deployments, ________ serv...

5 Main components of Splunk ES correct answer: Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze. What does index data do? (3) correct answer: 1. Collects data 2. Label data with source type 3. Stored in splunk index Three main roles in splunk? (3) correct answer: Admin, Power, User An admin does what? correct answer: Install apps, create knowledge objects for all users (what apps a user will see by default) A power user does what? correct answ...

Having separate indexes allows: Select all that apply. Faster Searches. Ability to limit access. Multiple retention policies correct answer: Faster Searches. Ability to limit access. Multiple retention policies Machine data is only generated by web servers. False True correct answer: False Machine data makes up for more than ___% of the data accumulated by organizations. 50 90 10 25 correct answer: 90 Machine data is only generated by web servers. ...

Machine data is generated by correct answer: All types of system in an organization Structure of machine data correct answer: Unstructured Machine data makes up ___% of data accumulated by organizations correct answer: 90 Main way data is supplied for indexing correct answer: Forwarders Search requests are processed by the correct answer: Indexers 3 main components of splunk correct answer: Collect and index data Add knowledge Search and investigate Single instance depl...

Which search will return the same events as the search in the searchbar? password failed correct answer: password AND failed What is the most efficient way to filter events in Splunk? correct answer: By time. Which is not a comparison operator in Splunk? correct answer: ?= How is the asterisk used in Splunk search? correct answer: As a wildcard As general practice, inclusion is better than exclusion in a Splunk search. correct answer: True Field names are _________. correc...