Which of the following statements are correct about Search & Reporting App? (Choose three.)
A. Can be accessed by Apps > Search & Reporting.
B. Provides default interface for searching and analyzing logs.
C. Enables the user to create knowledge object, reports, alerts and dashboards.
D. It only gives us search functionality.
What are the two most efficient search filters?
A. _time and host
B. _time and index
C. host and sourcetype
D. index and sourcetype
Explanation: This is the correct answer because these two filters can help you limit the amount of data that Splunk retrieves from disk, which is the key to fast searching1. The _time filter allows you to specify a narrow time window for your search, which reduces the number of buckets that Splunk scans2. The index filter allows you to specify which index or indexes contain the data that you want to search, which reduces the number of files that Splunk reads3.
Which command will rename action to Customer Action?
A. | rename action = CustomerAction
B. | rename Action as “Customer Action”
C. | rename Action to “Customer Action”
D. | rename action as “Customer Action”
When is an alert triggered?
A. When Splunk encounters a syntax error in a search
B. When a trigger action meets the predefined conditions
C. When an event in a search matches up with a data model
D. When results of a search meet a specifically defined condition
!= and NOT are same arguments.
A. True
B. False
Monitor option in Add Data provides _______________.
A. Only continuous monitoring
B. Only One-time monitoring.
C. None of the above.
D. Both One-time and continuous monitoring
| Page 8 out of 41 Pages |
| Previous |
Contact Us - Privacy Policy ... Copyright © - All Rights Reserved