Data Models Flashcards
Which of the following do all event datasets contain? Select all that apply.
- Children
- Fields
- Constraints
- Purchases
Fields
Constraints
When adding fields to a dataset, which of the following creates a new field based on an expression that you define?
- Lookup
- Eval Expression
- Auto-Extracted
- Geo IP
Eval Expression
What occurs when setting a field flag to Hidden?
- The field doesn’t have to appear in every event.
- Only events that contain the field are returned.
- The field is not displayed to Pivot users when they select the dataset in Pivot.
- Constraints will ignore the use of this field.
The field is not displayed to Pivot users when they select the dataset in Pivot.
What functionality is provided to allow collaboration with other Splunk users to create, modify or test data models?
- Creating data models in the Search & Reporting app
- Splunk user integration, such as LDAP
- Downloading and uploading data models
- The data model “clone” functionality
Downloading and uploading data models
When creating a data model, which of the following is true? Select all that apply.
- Splunk highly recommends overriding the default ID to prevent confusion.
- The process fails if you are not logged in as an admin user.
- As the title is entered an ID is automatically generated.
- Only the Search & Reporting and Monitoring Console apps can be selected.
As the title is entered an ID is automatically generated.
True of False: You can only split a pivot with a maximum of one row or column.
FALSE
TRUE
False
What is required to configure persistent data model acceleration?
- A user role with the accelerate_datamodel capability
- A private data model
- A user accessing a data model dataset in Pivot
- All 3 root dataset types: events, search, and transaction
A user role with the accelerate_datamodel capability
Which of the following accurately describes data models? Select all that apply.
- A knowledge object that applies information structure to raw data
- Must contain at least one of each dataset: Events, Searches, and Transactions
- Can be used by the Pivot interface to generate reports and dashboard panels
- Can only be designed by users with the admin role
A knowledge object that applies information structure to raw data
Can be used by the Pivot interface to generate reports and dashboard panels
Data models contain the following. Select all that apply.
- inherited and extracted fields
- constraints
- event object hierarchy
inherited and extracted fields
constraints
event object hierarchy
What do Pivots require to create visualizations in Splunk? Select all that apply.
- lookups
- data models
- web filters
- spreadsheets
lookups
data models
To add a Root Event Dataset, what field is required to be manually added?
- Duration maxpause maxspan
- Dataset Name
- Dataset ID
Dataset Name
True or False: A constraint inherited by the children dataset from the parent dataset can be removed.
TRUE
FALSE
False
By default, the sort command lists results in __________ order.
descending
ascending
ascending
Which of the following accurately describes pivots? Select all that apply.
- Requires use of datasets
- Alternate method to access data without using search language
- Quick way to design visualizations of data using Splunk Web
- Requires the use of simplified search language
Requires use of datasets
Alternate method to access data without using search language
Quick way to design visualizations of data using Splunk Web
A data model can consist of the following three types of datasets. Select all that apply.
- events
- searches
- Pivot reports
- transactions
events
searches
transactions
