Splunk User Certification Exam with complete solution
5 Main components of Splunk ES
Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze.
Three main roles in splunk? (3)
Admin, Power, User
Installs apps, creates knowledge objects for all users (what apps a user will see
by default)
Admin
Creates and shares knowledge objects for users of app, real-time searches
Power User
Only sees own knowledge objects and those shared to them
User
Apps in Splunk?
1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk?
Creates knowledge objects, reports, and dashboards
The seven main components in splunk searching and reporting?
1. Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
What does the time range picker do?
Allow search by preset times, relative times. Real time (earliest, latest), date range.
Retrieve events over a specific time period.
Limiting search by ___________ is key to faster results and is a best practice
time
The time range picker is set to _________ by default.
All-time
Search jobs are available for ____ minutes by default.
10
________ commands create statistics and visualizations.
Transforming
________ tab is default tab for searches
Event
The three main search modes?
Fast, Verbose, and Smart
_______ mode has discovery off for event searches. No event or field data for
stats searches.
Fast
, ______ mode has all events and field data; switches to this mode after
visualization
Verbose
______ mode (default-based on search string data) has field discovery ON for
event searches. No event or field data for stats searches.
Smart
What does the "Job V" action button do
Edits job settings, sends jobs to the background, inspects and deletes job.
Saved searches are set to ______ by default.
private
Timestamp seen in events is based on______setting in user account profile
time zone
List the three booleans
AND OR NOT
________boolean is used if none is implied
AND
Exact phrases use______
quotes
Use a _______ for searching a string with quotes in the string
Backslash
Example: info="user "chrisV4" not in database" info="user\"chrisV4\" not in database "
The three default search fields automatically selected are
Source, Host, Sourcetype
_______ sidebar shows all fields extracted at search time
Fields
_______ fields that appear by default are host, sourcetype, source
Selected
_______ fields have values in at least 20% of the events
Interesting
Clicking on a field shows a list of _______, ________, and ________.
values, count, and percentage
These fields can launch a quick report by clicking on them (4)
top values, top values by time, rare values, events with this field
Use ______ to limit search to only one sourcetype
sourcetype=
_____ are case sensitive, _______ case insensitive
field names, field values
These symbols are only used with numerical values?
> >= < <= -->
(T/F) Using NOT and != would return the same results.
True
Use _______ to nest boolean searches
parenthesis
______ is better than exclusion
inclusion
5 Main components of Splunk ES
Index Data, Search & investigate, Add knowledge, Monitor & Alert, Report & Analyze.
Three main roles in splunk? (3)
Admin, Power, User
Installs apps, creates knowledge objects for all users (what apps a user will see
by default)
Admin
Creates and shares knowledge objects for users of app, real-time searches
Power User
Only sees own knowledge objects and those shared to them
User
Apps in Splunk?
1. Pre-built dashboards, reports, alerts and workflows
2. In-depth data analysis for power users
3. Search & Reporting
What does the search and reporting app do in splunk?
Creates knowledge objects, reports, and dashboards
The seven main components in splunk searching and reporting?
1. Splunk bar
2. App bar
3. Search bar
4. Time range picker
5. How to search panel
6. What to search panel
7. Search History
What does the time range picker do?
Allow search by preset times, relative times. Real time (earliest, latest), date range.
Retrieve events over a specific time period.
Limiting search by ___________ is key to faster results and is a best practice
time
The time range picker is set to _________ by default.
All-time
Search jobs are available for ____ minutes by default.
10
________ commands create statistics and visualizations.
Transforming
________ tab is default tab for searches
Event
The three main search modes?
Fast, Verbose, and Smart
_______ mode has discovery off for event searches. No event or field data for
stats searches.
Fast
, ______ mode has all events and field data; switches to this mode after
visualization
Verbose
______ mode (default-based on search string data) has field discovery ON for
event searches. No event or field data for stats searches.
Smart
What does the "Job V" action button do
Edits job settings, sends jobs to the background, inspects and deletes job.
Saved searches are set to ______ by default.
private
Timestamp seen in events is based on______setting in user account profile
time zone
List the three booleans
AND OR NOT
________boolean is used if none is implied
AND
Exact phrases use______
quotes
Use a _______ for searching a string with quotes in the string
Backslash
Example: info="user "chrisV4" not in database" info="user\"chrisV4\" not in database "
The three default search fields automatically selected are
Source, Host, Sourcetype
_______ sidebar shows all fields extracted at search time
Fields
_______ fields that appear by default are host, sourcetype, source
Selected
_______ fields have values in at least 20% of the events
Interesting
Clicking on a field shows a list of _______, ________, and ________.
values, count, and percentage
These fields can launch a quick report by clicking on them (4)
top values, top values by time, rare values, events with this field
Use ______ to limit search to only one sourcetype
sourcetype=
_____ are case sensitive, _______ case insensitive
field names, field values
These symbols are only used with numerical values?
> >= < <= -->
(T/F) Using NOT and != would return the same results.
True
Use _______ to nest boolean searches
parenthesis
______ is better than exclusion
inclusion
