What is the purpose of using a by clause with the stats command?
A.
To group the results by one or more fields.
B.
To compute numerical statistics on each field.
C.
To specify how the values in a list are delimited.
D.
To partition the input data based on the split-by fields
To group the results by one or more fields.
Which events will be returned by the following search string?
A.
All events that either have a host of www3 or a status of 503.
B.
All events with a host of www3 that also have a status of 503
C.
We need more information: we cannot tell without knowing the time range
D.
We need more information a search cannot be run without specifying an index
We need more information a search cannot be run without specifying an index
Which of the following searches would return events with failure in index netfw or warn or critical in index netops?
A.
(index=netfw failure) AND index=netops warn OR critical
B.
(index=netfw failure) OR (index=netops (warn OR critical))
C.
(index=netfw failure) AND (index=netops (warn OR critical))
D.
(index=netfw failure) OR index=netops OR (warn OR critical)
(index=netfw failure) OR (index=netops (warn OR critical))
Select the answer that displays the accurate placing of the pipe in the following search string:
index=security sourcetype=access_* status=200 stats count by price
A.
B.
index=security sourcetype=access_* status=200 | stats count by price
C.
index=security sourcetype=access_* status=200 | stats count | by price
D.
index=security sourcetype=access_* | status=200 | stats count by price
What does the stats command do?
A.
B.
Converts field values into numerical values
C.
Calculates statistics on data that matches the search criteria
D.
Analyzes numerical fields for their ability to predict another discrete field
Which is a primary function of the timeline located under the search bar?
A.
To differentiate between structured and unstructured events in the da
B.
To sort the events returned by the search command in chronological orde
C.
o zoom in and zoom out. although this does not change the scale of the chart
To differentiate between structured and unstructured events in the da
Which statement is true about Splunk alerts?
A.
Alerts are based on searches that are either run on a scheduled interval or in real-time
B.
Alerts are based on searches that are either run on a scheduled interval or in real-time.
C.
Alerts are based on searches and when triggered will only send an email notification.
D.
Alerts are based on searches and require cron to run on scheduled interval.
E.
Alerts are based on searches that are run exclusively as real-time
Alerts are based on searches that are either run on a scheduled interval or in real-time
What can be configured using the Edit Job Settings menu?
A.
Export the results to CSV format
B.
Add the Job results to a dashboard
C.
Schedule the Job to re-run in 10 minutes
D.
Change Job Lifetime from 10 minutes to 7 days.
Export the results to CSV format
Which command is used to validate a lookup file?
A.
| lookup products.csv
B.
inputlookup products.csv
C.
I inputlookup products.csv
D.
lookup definition products.csv
I inputlookup products.csv
Which stats command function provides a count of how many unique values exist for a given field in the result set?
A.
dc(field)
B.
count(field)
C.
count-by(field)
D.
distinct-count(field)
dc(field)
What user interface component allows for time selection?
A.
Time summary
B.
Time range picker
C.
Search time picker
D.
Data source time statistics
Time range picker
When an alert action is configured to run a script, Splunk must be able to locate the script. Which is one of the directories Splunk will look in to find the script?
A.
B.
$SPLUNK_HOME/etc/scripts
C.
$SPLUNK_HOME/bin/etc/scripts
D.
$SPLUNK_HOME/etc/scripts/bin
| Page 3 out of 21 Pages |
| Previous |