SPLK-3002 Exam Dumps : Splunk IT Service Intelligence Certified Admin Exam

Splunk ITSI offers two built‑in anomaly detection algorithms:TrendingandEntity Cohesion. TheTrendingalgorithm works on theaggregate KPI series, comparing recent KPI behavior with its historical pattern to detect unusual trending patterns over time. It doesnotevaluate behavior across separate entities within the KPI split — it simply looks at deviations from historical trends in the combined KPI values. On the other hand, theEntity Cohesionalgorithm is specifically designed to detect when entities that are expected to behave similarly begin to diverge in behavior. When a KPI is split by entity (for example, multiple servers, locations, or service tiers), Entity Cohesion normalizes each entity’s time series and compares them against each other. If one entity’s pattern differs significantly from the group’s patterns, it is flagged as an anomaly. This matches the “paired monitoring requirement” of producing an alert whenone entity in the KPI is not behaving similarly to the other entities. The option describing entity cohesion paired with that requirement reflects the correct use case for this algorithm in ITSI. Neither trending anomaly detection nor entity cohesion anomaly detection is intended to detect multiple KPIs deviating at the service level — such cross‑KPI alerts are handled by other alerting constructs like multi‑KPI alerts or correlation searches, not these specific anomaly algorithms.

In the Notable Events Review dashboard within Splunk IT Service Intelligence (ITSI), when working with a notable event group, users can set or adjust certain attributes at the individual event level or at the group level. These attributes include:

Severity:The importance or impact level of the notable event or group, which can be adjusted to reflect the current assessment of the situation.

Status:The current state of the notable event or group, such as "New," "In Progress," or "Resolved," indicating the progress in addressing the event or group.

Owner:The user or team responsible for managing and resolving the notable event or group.

These settings allow for effective management and tracking of notable events, ensuring that they are appropriately prioritized, acted upon, and resolved by the responsible parties.