Splunk fundamentals 1 final quiz 56 Questions with Answers 2023,100% CORRECT

Splunk fundamentals 1 final quiz 56 Questions with Answers 2023 Machine data is always structured.CORRECT ANSWER false Machine data makes up for more than ___% of the data accumulated by organizations.CORRECT ANSWER 90 Machine data is only generated by web servers.CORRECT ANSWER false Which of these is not a main component of Splunk?CORRECT ANSWER compress and archive Search requests are processed by the ____________.CORRECT ANSWER Indexer which function is not part of the single instance deploymentCORRECT ANSWER clustering what are the three main processing components of splunk?CORRECT ANSWER 1. indexers 2. forwarders 3. search heads In most Splunk deployments, ________ serve as the primary way data is supplied for indexing.CORRECT ANSWER forwarders The password for a newly installed Splunk instance is:CORRECT ANSWER Created when you install Splunk Enterprise. You can launch and manage apps from the home app.CORRECT ANSWER true Which apps ship with Splunk Enterprise?CORRECT ANSWER Search & Reporting, Home App What are the three main default roles in Splunk Enterprise?CORRECT ANSWER 1. admin 2. power define what users can do in Splunk.CORRECT ANSWER Roles Files indexed using the the upload input option get indexed _____.CORRECT ANSWER Once The monitor input option will allow you to continuously monitor files.CORRECT ANSWER true Splunk knows where to break the event, where the time stamp is located and how to automatically create field value pairs using these.CORRECT ANSWER source types In most production environments, _______ will be used as the source of data input.CORRECT ANSWER forwarder Splunk uses ____________ to categorize the type of data being indexed.CORRECT ANSWER source type Shared search jobs remain active for _______ by default.CORRECT ANSWER 7 days What is the order of evaluation for Boolean operations in Splunk?CORRECT ANSWER NOT, OR, AND The time stamp you see in the events is based on the time zone in your user account.CORRECT ANSWER True These are booleans in the Splunk Search Language.CORRECT ANSWER NOT, AND, OR Field values are case sensitive.CORRECT ANSWER false Which is not a comparison operator in Splunk?CORRECT ANSWER ?= Wildcards cannot be used with field searches.CORRECT ANSWER false Field names are _________.CORRECT ANSWER case sensitive What is the most efficient way to filter events in Splunk?CORRECT ANSWER by time Having separate indexes allows:CORRECT ANSWER Multiple retention policies Ability to limit access Faster Searches This symbol is used in the "Advanced" section of the time range picker to round down to nearest unit of specified time.CORRECT ANSWER @ As a general practice, exclusion is better than inclusion in a Splunk search.CORRECT ANSWER false Time to search can only be set by the time range picker.CORRECT ANSWER false Excluding fields using the Fields Command will benefit performance.CORRECT ANSWER false Which command removes results with duplicate field values?CORRECT ANSWER Dedup Which stats function would you use to find the average value of a field?CORRECT ANSWER avg To display the most common values in a specific field, what command would you use?CORRECT ANSWER top How many results are shown by default when using a Top or Rare Command?CORRECT ANSWER 10 Which one of these is not a stats function?CORRECT ANSWER addtotals A time range picker can be included in a report.CORRECT ANSWER true In a dashboard, a time range picker will only work on panels that include a(n) __________ search.CORRECT ANSWER inline _____________ are reports gathered together into a single pane of glass.CORRECT ANSWER dashboards Charts can be based on numbers, time or location.CORRECT ANSWER true If a search returns this, you can view the results as a chart.CORRECT ANSWER Statistical values Pivots cannot be saved as reports panels.CORRECT ANSWER false Adding child data model objects is like the ______ Boolean in the Splunk search language.CORRECT ANSWER AND Data models are made up of ___________.CORRECT ANSWER datasets Pivots can be saved as dashboards panels.CORRECT ANSWER true Which roles can create data models?CORRECT ANSWER Admin and Power When using a .csv file for Lookups, the first row in the file represents this.CORRECT ANSWER field names A lookup is categorized as a dataset.CORRECT ANSWER true To keep from overwriting existing fields with your Lookup you can use the ____________ clause.CORRECT ANSWER outputnew External data used by a Lookup can come from sources like:CORRECT ANSWER atial data ts 3.CSV files Once an alert is created, you can no longer edit its defining search.CORRECT ANSWER false alerts can run updated scriptsCORRECT ANSWER true Real-time alerts will run the search continuously in the background.CORRECT ANSWER true An alert is an action triggered by a _____________.CORRECT ANSWER saved search Alerts can send an email.CORRECT ANSWER true