Is the SPLK-3002 practice exam free?

Yes. ExamCademy offers all 97 SPLK-3002 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the SPLK-3002 practice questions?

All SPLK-3002 questions are community-created and reviewed by moderators to align with Splunk's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the SPLK-3002 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Splunk documentation and hands-on experience for best results.

SPLK-3002 Practice Exam — Free 97+ Questions

97Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 4 • Questions 1-25 of 97

1 2 3 4

→

Know a question that should be here? Contribute to this exam

When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

A Gray
B Purple
C Gear Icon
D Blue

Which of the following is a best practice when configuring maintenance windows?

A Disable any glass tables that reference a KPI that is part of an open maintenance window.
B Develop a strategy for configuring a service’s notable event generation when the service’s maintenance window is open.
C Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
D Change the color of services and entities that are part of an open maintenance window in the service analyzer.

Which of the following items apply to anomaly detection? (Choose all that apply.)

A Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it’s magic.
B A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
C Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
D There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

In Episode Review, what is the result of clicking an episode’s Acknowledge button?

A Assign the current user as owner.
B Change status from New to Acknowledged.
C Change status from New to In Progress and assign the current user as owner.
D Change status from New to Acknowledged and assign the current user as owner.

Which of the following is a characteristic of base searches?

A Search expression, entity splitting rules, and thresholds are configured at the base search level.
B It is possible to filter to entities assigned to the service for calculating the metrics for the service’s KPIs.
C The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
D The base search will execute whether or not a KPI needs it.

ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?

A If this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
B If this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
C If this value is set to 0, the scheduler may skip scheduled execution periods.
D If this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.

What effects does the KPI importance weight of 11 have on the overall health score of a service?

A At least 10% of the KPIs will go critical.
B Importance weight is unused for health scoring.
C The service will go critical.
D It is a minimum health indicator KPI.

Which of the following is an advantage of using adaptive time thresholds?

A Automatically update thresholds daily to manage dynamic changes to KPI values.
B Automatically adjust KPI calculation to manage dynamic event data.
C Automatically adjust aggregation policy grouping to manage escalating severity.
D Automatically adjust correlation search thresholds to adjust sensitivity over time.

What is the default importance value for dependent services’ health scores?

A 11
B 1
C Unassigned
D 10

What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?

A Use | stats functions in custom fields to prepare the data for KPI calculations.
B Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
C Make sure that all fields conform to CIM, then use the corresponding module to import related services.
D Plan to build as many data models as possible for ITSI to leverage

Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.)

A Comparing a service’s notable events over a time period.
B Visualizing one or more Service KPIs values by time.
C Examining and comparing alert levels for KPIs in a service over time.
D Comparing swim lane values for a slice of time.

Anomaly detection can be enabled on which one of the following?

A KPI
B Multi-KPI alert
C Entity
D Service

Which of the following is a recommended best practice for service and glass table design?

A Plan and implement services first, then build detailed glass tables.
B Always use the standard icons for glass table widgets to improve portability.
C Start with base searches, then services, and then glass tables.
D Design glass tables first to discover which KPIs are important.

Where are KPI search results stored?

A The default index.
B KV Store.
C Output to a CSV lookup.
D The itsi_summary index.

Which of the following describes a way to delete multiple duplicate entities in ITSI?

A Via c CSV upload.
B Via the entity lister page.
C Via a search using the | deleteentity command.
D All of the above.

Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

A Ping a host.
B Send email.
C Include in RSS feed.
D Run a script.

In maintenance mode, which features of KPIs still function?

A KPI searches will execute but will be buffered until the maintenance window is over.
B KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C New KPIs can be created, but existing KPIs are locked.
D KPI calculations and threshold settings can be modified.

Which of the following are the default ports that must be configured on Splunk to use ITSI?

A SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
B SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
C SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
D SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Which of the following is a good use case regarding defining entities for a service?

A Automatically associate entities to services using multiple entity aliases.
B All of the entities have the same identifying field name.
C Being able to split a CPU usage KPI by host name.
D KPI total values are aggregated from multiple different category values in the source events.

When must a service define entity rules?

A If the intention is for the KPIs in the service to filter to only entities assigned to the service.
B To enable entity cohesion anomaly detection.
C If some or all of the KPIs in the service will be split by entity.
D If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.

After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?

A 6 months.
B 9 months.
C 1 year.
D 3 months.

Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

A Only include KPIs if they will be used in multiple services.
B Analyze the business to determine the most critical services.
C Focus on low-level services.
D Define a large number of key services early.

Which deep dive swim lane type does not require writing SPL?

A Event lane.
B Automatic lane.
C Metric lane.
D KPI lane.

Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

A Service templates.
B Service dependencies.
C Ad-hoc search.
D Service swapping.

What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)

A Creating glass tables.
B Correlation search creation.
C Service swapping configuration.
D Adding KPI metric lanes to glass tables.

SPLK-3002Preview

About the SPLK-3002 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

SPLK-3002Preview

About the SPLK-3002 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25