ExamGecko
Search Search Login
Home Home / Splunk / SPLK-3002
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following are the default ports that must be configured on Splunk to use ITSI?
There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each other's services. What are the role configuration steps required to accomplish this?
Which of the following statements is accurate when using multiple policies?
When in maintenance mode, which of the following is accurate?
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?
When troubleshooting KPI search performance, which search names in job activity identify base searches?
Which of the following is a good use case for creating a custom module?
When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?
There are two Smart Mode configuration settings that control how fields affect grouping. Which of these is correct?

Question 3 - SPLK-3002 discussion

Report
Export

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

A.
Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.
Answers
A.
Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.
B.
Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.
Answers
B.
Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.
C.
Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.
Answers
C.
Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.
D.
Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.
Answers
D.
Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.
Suggested answer: A, B, C

Explanation:

A, B, and C are correct answers because service access control requirements for ITSI Team Access should be considered before creating the ITSI Service, as different teams may have different permissions and views of the service data. Entities, entity meta-data, and entity rules should also be planned carefully to support the service design and configuration, as they determine how ITSI maps data sources to services and KPIs. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index for faster retrieval and analysis.

Reference:ITSI service design best practices,Overview of ITSI indexes

Show Answer
asked 23/09/2024
Salih Igde
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms