SPLK-3002 Free Practice Test

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

1. A. Ping a host.
2. B. Send email.
3. C. Include in RSS feed.
4. D. Run a script.

Correct Answer: BCD
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing).
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/ConfigCS
B, C, and D are correct answers because they are the default alert actions that a correlation search can execute besides creating notable events. You can configure a correlation search to send an email, include the results in an RSS feed, or run a custom script when the search matches a defined pattern. Ping a host is not a default alert action for correlation searches. References: Configure correlation search settings in ITSI

Which views would help an analyst identify that a memory usage KPI is going critical? (select all that apply)

1. A. Memory KPI in a glass table.
2. B. Memory panel of the OS Host Details view in the Operating System module.
3. C. Memory swim lane in a Deep Dive.
4. D. Service & KPI tiles in the Service Analyzer.

Correct Answer: ABCD
To identify that a memory usage KPI is going critical, an analyst can leverage multiple views within Splunk IT Service Intelligence (ITSI), each offering a different perspective or level of detail:
* A.Memory KPI in a glass table:A glass table can display the current status of the memory usage KPI, along with other related KPIs and services, providing a high-level overview of system health.
* B.Memory panel of the OS Host Details view in the Operating System module:This
specific panel within the OS Host Details view offers detailed metrics and trends related to memory usage, allowing for in-depth analysis.
* C.Memory swim lane in a Deep Dive:Deep Dives allow analysts to visually track the performance and status of KPIs over time. A swim lane dedicated to memory usage can highlight periods where the KPI goes critical, along with the context of other related KPIs. D.Service & KPI tiles in the Service Analyzer:The Service Analyzer provides a comprehensive overview of all services and their KPIs. The tiles related to memory usage can quickly alert analysts to critical conditions through color-coded indicators.
Each of these views contributes to a comprehensive monitoring strategy, enabling analysts to detect and respond to critical memory usage conditions from various analytical perspectives.

Which of the following describes a way to delete multiple duplicate entities in ITSI?

1. A. Via c CSV upload.
2. B. Via the entity lister page.
3. C. Via a search using the | deleteentity command.
4. D. All of the above.

Correct Answer: D
D is the correct answer because ITSI provides multiple ways to delete multiple duplicate entities. You can use a CSV upload to overwrite existing entities with new or updated information, or delete them by setting the action field to delete. You can also use the entity lister page to select multiple entities and delete them in bulk. Alternatively, you can use a search command called | deleteentity to delete entities that match certain criteria. References: Create and update entities using a CSV file in ITSI, Delete entities in bulk in ITSI, Delete entities using the | deleteentity command in ITSI

Which of the following best describes an ITSI Glass Table?

1. A. A view which displays a system topology overlaid with KPI metrics.
2. B. A view which describes a topology.
3. C. A dashboard which displays a system topology.
4. D. A view showing KPI values in a variety of visual styles.

Correct Answer: A
An ITSI Glass Table provides a customizable, high-level view that can display a system's topology overlaid with real-time Key Performance Indicator (KPI) metrics and service health scores. This visualization tool allows users to create a visual representation of their IT infrastructure, applications, and services, integrating live data to monitor the health and performance of each component in context. The ability to overlay KPI metrics on the system topology enables IT and business stakeholders to quickly understand the operational status and health of various elements within their environment, facilitating more informed decision-making and rapid response to issues.

What happens when an anomaly is detected?

1. A. A separate correlation search needs to be created in order to see it.
2. B. A SNMP trap will be sent.
3. C. An anomaly alert will appear in core splunk, in index=main.
4. D. An anomaly alert will appear as a notable event in Episode Review.

Correct Answer: D
When an anomaly is detected in Splunk IT Service Intelligence (ITSI), it typically generates a notable event that can be reviewed and managed in the Episode Review dashboard. The Episode Review is part of ITSI's Event Analytics framework and serves as a centralized location for reviewing, annotating, and managing notable events, including those generated by anomaly detection. This process enables IT operators and analysts to efficiently identify, prioritize, and respond to potential issues highlighted by the
anomaly alerts. The integration of anomaly alerts into the Episode Review dashboard streamlines the workflow for managing and investigating these alerts within the broader context of IT service management and operational intelligence.