Get ahead with a $300 test prep scholarship
| Enter to win by Tuesday 9/24
Terms in this set (49)
In most production environments, _______ will be used as your the source of data input.
Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.
Splunk uses ________ to categorize the type of data being indexed.
The monitor input option will allow you to continuously monitor files.
Files indexed using the the upload input option get indexed _____.
When zooming in on the event time line, a new search is run.
When a search is sent to splunk, it becomes a _____.
Commands that create statistics and visualizations are called _______________ commands.
The time stamp you see in the events is based on the time zone in your user account.
These are booleans in the Splunk Search Language.
Field values are case sensitive.
Which is not a comparison operator in Splunk?
Wildcards cannot be used with field searches.
Field names are ________.
Having separate indexes allows:
Multiple retention policies
Ability to limit access
This symbol is used in the "Advanced" section of the time range picker to round down to nearest unit of specified time.
As a general practice, exclusion is better than inclusion in a Splunk search.
What is the most efficient way to filter events in Splunk?
Time to search can only be set by the time range picker.
Excluding fields using the Fields Command will benefit performance.
Would the ip column be removed in the results of this search? Why or why not?
No, because the name was changed
Which command removes results with duplicate field values?
What command would you use to remove the status field from the returned events?
Finish the rename command to change the name of the status field to HTTP Status.
status as "HTTP Status"
How many results are shown by default when using a Top or Rare Command?
Which stats function would you use to find the average value of a field?
Which one of these is not a stats function?
Which clause would you use to rename the count field?
To display the most common values in a specific field, what command would you use?
Charts can be based on numbers, time, or location.
If a search returns this, you can view the results as a chart.
These roles can create reports:
_____________ are reports gathered together into a single pane of glass.
In a dashboard, a time range picker will only work on panels that include a(n) __________ search.
Data models are made up of ___________.
The instant pivot button is displayed in the statistics and visualization tabs when a _______ search is run.
Adding child data model objects is like the ______ Boolean in the Splunk search language.
Which role(s) can create data models?
These are knowledge objects that provide the data structure for pivot.
A lookup is categorized as a dataset.
When using a .csv file for Lookups, the first row in the file represents this.
Finish this search command so that it displays data from the http_status.csv Lookup file.
External data used by a Lookup can come from sources like:
To keep from overwriting existing fields with your Lookup you can use the ____________ clause.
Real-time alerts will run the search continuously in the background.
Once an alert is created, you can no longer edit its defining search.
Alerts can be shared to all apps.
Alerts can send an email.
An alert is an action triggered by a _____________.