Splunk SPLK-3002 Real Exam Questions
The questions for SPLK-3002 were last updated on Nov 20, 2024.
- Exam Code: SPLK-3002
- Exam Name: Splunk IT Service Intelligence Certified Admin Exam
- Certification Provider: Splunk
- Latest update: Nov 20, 2024
What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?
- A . Use | stats functions in custom fields to prepare the data for KPI calculations.
- B . Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
- C . Make sure that all fields conform to CIM, then use the corresponding module to import related services.
- D . Plan to build as many data models as possible for ITSI to leverage.
What effects does the KPI importance weight of 11 have on the overall health score of a service?
- A . At least 10% of the KPIs will go critical.
- B . Importance weight is unused for health scoring.
- C . The service will go critical.
- D . It is a minimum health indicator KPI.
Which scenario would benefit most from implementing ITSI?
- A . Monitoring of business services functionality.
- B . Monitoring of system hardware.
- C . Monitoring of system process statuses.
- D . Monitoring of retail sales metrics.
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0.
Which statement is accurate about this configuration?
- A . If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
- B . If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
- C . If this value is set to 0, the scheduler may skip scheduled execution periods.
- D . If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
What is an episode?
- A . A workflow task.
- B . A deep dive.
- C . A notable event group.
- D . A notable event.
Which of the following is the best use case for configuring a Multi-KPI Alert?
- A . Comparing content between two notable events.
- B . Using machine learning to evaluate when data falls outside of an expected pattern.
- C . Comparing anomaly detection between two KPIs.
- D . Raising an alert when one or more KPIs indicate an outage is occurring.
Which of the following accurately describes base searches used for KPIs in a service?
- A . Base searches can be used for multiple services.
- B . A base search can only be used by its service and all dependent services.
- C . All the metrics in a base search are used by one service.
- D . All the KPIs in a service use the same base search.
Which of the following is an advantage of using adaptive time thresholds?
- A . Automatically update thresholds daily to manage dynamic changes to KPI values.
- B . Automatically adjust KPI calculation to manage dynamic event data.
- C . Automatically adjust aggregation policy grouping to manage escalating severity.
- D . Automatically adjust correlation search thresholds to adjust sensitivity over time.
After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?
- A . 6 months.
- B . 9 months.
- C . 1 year.
- D . 3 months.