SPLK-3002 Exam Questions Tutorials

Splunk IT Service Intelligence Certified Admin Exam Questions and Answers

Question 17

Which of the following can generate notable events?

Through ad-hoc search results which get processed by adaptive thresholds.

When two entity aliases have a matching value.

Through scheduled correlation searches which link to their respective services.

Manually selected using the Notable Event Review panel.

Question 18

Which of the following accurately describes base searches used for KPIs in a service?

Base searches can be used for multiple services.

A base search can only be used by its service and all dependent services.

All the metrics in a base search are used by one service.

All the KPIs in a service use the same base search.

Question 19

Which of the following is a characteristic of base searches?

Search expression, entity splitting rules, and thresholds are configured at the base search level.

It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.

The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.

The base search will execute whether or not a KPI needs it.

Question 20

Which capabilities are enabled through “teams”?

Teams allow searches against the itsi_summary index.

Teams restrict notable event alert actions.

Teams restrict searches against the itsi_notable_audit index.

Teams allow restrictions to service content in UI views.