New Flashcards
(42 cards)
When can a pipe follow a macro?
A. A pipe may always follow a macro. Most Voted
B. The current user must own the macro.
C. The macro must be defined in the current app.
D. Only when sharing is set to global for the macro.
A. A pipe may always follow a macro.
Data Models
Data models drive the pivot toool.
Data models enable users of Pivot to create compelling reports and dashboards without designing the searches that generate them
Data models are composed of one or more of which of the following datasets? (Choose all that apply.)
A. Events datasets
B. Search datasets
C. Transaction datasets
D. Any child of event, transaction, and search datasets
A, B, and C
Pivot Tool
A table, chart, or visualization based on a data model dataset.
Used by users that dont need to know SPL
Splunk shows data in _____ .
A.
ASCII Character order.
B.
Reverse chronological order.
C.
Alphanumeric order.
D.
Chronological order.
B.
Reverse chronological order
How to tell if a field exists
The EXISTS operator
Head command
The “head” command in Splunk is used to limit the number of events returned by a search. By specifying a numeric value with the “head” command, you can restrict the search results to only display a certain number of events from the beginning of the results set.
limit command
The “limit” command is used in Splunk to restrict the number of search results returned. It helps control the volume of data displayed and enhances search performance by reducing the data set.
drilldown
Configured within individual vizualizations
Drilldown is a tool for configuring responses to user clicks on visualizations in a dashboard or form.
dropdown
Use this input to let users choose one option from a dropdown menu.
Which command is used to create a lookup table in Splunk?
a) inputlookup
b) outputlookup
c) evallookup
d) createlookup
b) outputlookup
The correct command to create a lookup table in Splunk is the “outputlookup” command. This command allows you to output the results of a search into a lookup table.
Which command is used to perform a lookup in Splunk?
a) inputlookup
b) outputlookup
c) evallookup
d) searchlookup
a) inputlookup
The “inputlookup” command is used to perform a lookup in Splunk. This command allows you to search and retrieve data from an existing lookup table.
How can you associate a lookup table with your data during the indexing process in Splunk?
a) By configuring props.conf and transforms.conf.
b) By using the append command in a search pipeline.
c) By applying field extractions to the lookup table.
d) By defining a lookup definition file.
a) By configuring props.conf and transforms.conf.
To associate a lookup table with your data during the indexing process in Splunk, you need to configure props.conf and transforms.conf. These configuration files allow you to define rules that specify which lookup table to use based on specific criteria, such as sourcetype or source.
What is the purpose of using a cron schedule for a scheduled report in Splunk?
a) To specify the time zone for the report
b) To define the search string for the report
c) To schedule the report to run at specific time intervals
d) To enable real-time monitoring for the report
c) To schedule the report to run at specific time intervals
A cron schedule is used in Splunk to define the specific time intervals at which a scheduled report should run.
Machine data makes up for more than ___% of the data accumulated by organizations.
90
Which apps ship with Splunk Enterprise?
(Select all that apply.)
A) Home App
B) Sideview Utils
C) Search & Reporting
D) DB Connect
A) Home App
C) Search & Reporting
The default username and password for a newly installed Splunk instance is:
A) username and password
B) admin and changeme
C) admin and 12345
D) buttercup and rawks
B) admin and changeme
To keep from overwriting existing fields with your Lookup you can use the _________ clause.
OUTPUTNEW
What is a transforming command?
A type of search command that orders the results into a data table. Transforming commands “transform” the specified cell values for each event into numerical values that Splunk Enterprise can use for statistical purposes.
What are seven common transforming commands?
Transforming commands include:
1) chart
2) timechart
3) stats
4) top
5) rare
6) contingency
7) highlight.
What does CIM stand for and what is it?
Common Information Model (CIM).
A shared semantic model focused on extracting value from data.
What is pivot?
Pivot is a command that applies a pivot operation to data.
For example: This command counts the number of events in the “HTTP Requests” object in the “Tutorial” data model.
…| pivot Tutorial HTTP_requests count(HTTP_requests) AS “Count of HTTP requests”
What are the three required parts of a pivot?
The pivot command is a generating command and must be first in a search pipeline. It requires a large number of inputs: the data model, the data model object, and pivot elements.
…| pivot <datamodel-name> <object-name> <pivot-element></pivot-element></object-name></datamodel-name>
What does SPL stand for and what are some of it’s features?
Search Processing Language (SPL)
It is Splunk’s proprietary language. SPL encompasses all the search commands and their functions, arguments, and clauses. Its syntax was originally based on the Unix pipeline and SQL. The scope of SPL includes data searching, filtering, modification, manipulation, insertion, and deletion.
