SPLK-3002 Exam Dumps : Splunk IT Service Intelligence Certified Admin Exam

C. New KPIs. This is true because when you add new KPIs to a service template, they will be automatically added to all the services that are linked to that template. This helps you keep your services consistent and up-to-date with the latest KPI definitions.

The other options will not be added to linked services by default because:

A. Thresholds. This is not true because when you change thresholds in a service template, they will not affect the existing thresholds in the linked services. You need to manually apply the threshold changes to each linked service if you want them to inherit the new thresholds from the template.

B. Entity rules. This is not true because when you change entity rules in a service template, they will not affect the existing entity rules in the linked services. You need to manually apply the entity rule changes to each linked service if you want them to inherit the new entity rules from the template.

D. Health score. This is not true because when you change health score settings in a service template, they will not affect the existing health score settings in the linked services. You need to manually apply the health score changes to each linked service if you want them to inherit the new health score settings from the template.

Splunk ITSI offers two built‑in anomaly detection algorithms:TrendingandEntity Cohesion. TheTrendingalgorithm works on theaggregate KPI series, comparing recent KPI behavior with its historical pattern to detect unusual trending patterns over time. It doesnotevaluate behavior across separate entities within the KPI split — it simply looks at deviations from historical trends in the combined KPI values. On the other hand, theEntity Cohesionalgorithm is specifically designed to detect when entities that are expected to behave similarly begin to diverge in behavior. When a KPI is split by entity (for example, multiple servers, locations, or service tiers), Entity Cohesion normalizes each entity’s time series and compares them against each other. If one entity’s pattern differs significantly from the group’s patterns, it is flagged as an anomaly. This matches the “paired monitoring requirement” of producing an alert whenone entity in the KPI is not behaving similarly to the other entities. The option describing entity cohesion paired with that requirement reflects the correct use case for this algorithm in ITSI. Neither trending anomaly detection nor entity cohesion anomaly detection is intended to detect multiple KPIs deviating at the service level — such cross‑KPI alerts are handled by other alerting constructs like multi‑KPI alerts or correlation searches, not these specific anomaly algorithms.