Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
ITSI Saved Search Scheduling is configured to use realtime_schedule = 0. Which statement is accurate about this configuration?
AIf this value is set to 0, the scheduler bases its determination of the next scheduled search execution time on the current time.
BIf this value is set to 0, the scheduler bases its determination of the next scheduled search on the last search execution time.
CIf this value is set to 0, the scheduler may skip scheduled execution periods.
DIf this value is set to 0, the scheduler might skip some execution periods to make sure that the scheduler is executing the searches running over the most recent time range.
What effects does the KPI importance weight of 11 have on the overall health score of a service?
AAt least 10% of the KPIs will go critical.
BImportance weight is unused for health scoring.
CThe service will go critical.
DIt is a minimum health indicator KPI.
Which of the following is an advantage of using adaptive time thresholds?
AAutomatically update thresholds daily to manage dynamic changes to KPI values.
BAutomatically adjust KPI calculation to manage dynamic event data.
CAutomatically adjust aggregation policy grouping to manage escalating severity.
DAutomatically adjust correlation search thresholds to adjust sensitivity over time.
What is the default importance value for dependent services’ health scores?
A11
B1
CUnassigned
D10
What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?
AUse | stats functions in custom fields to prepare the data for KPI calculations.
BCheck if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
CMake sure that all fields conform to CIM, then use the corresponding module to import related services.
DPlan to build as many data models as possible for ITSI to leverage
Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.)
AComparing a service’s notable events over a time period.
BVisualizing one or more Service KPIs values by time.
CExamining and comparing alert levels for KPIs in a service over time.
DComparing swim lane values for a slice of time.
Anomaly detection can be enabled on which one of the following?
AKPI
BMulti-KPI alert
CEntity
DService
Which of the following is a recommended best practice for service and glass table design?
APlan and implement services first, then build detailed glass tables.
BAlways use the standard icons for glass table widgets to improve portability.
CStart with base searches, then services, and then glass tables.
DDesign glass tables first to discover which KPIs are important.
Where are KPI search results stored?
AThe default index.
BKV Store.
COutput to a CSV lookup.
DThe itsi_summary index.
Which of the following describes a way to delete multiple duplicate entities in ITSI?
AVia c CSV upload.
BVia the entity lister page.
CVia a search using the | deleteentity command.
DAll of the above.
Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
APing a host.
BSend email.
CInclude in RSS feed.
DRun a script.
In maintenance mode, which features of KPIs still function?
AKPI searches will execute but will be buffered until the maintenance window is over.
BKPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
CNew KPIs can be created, but existing KPIs are locked.
DKPI calculations and threshold settings can be modified.
Which of the following are the default ports that must be configured on Splunk to use ITSI?
ASplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
BSplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
CSplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
DSplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)
Which of the following is a good use case regarding defining entities for a service?
AAutomatically associate entities to services using multiple entity aliases.
BAll of the entities have the same identifying field name.
CBeing able to split a CPU usage KPI by host name.
DKPI total values are aggregated from multiple different category values in the source events.
When must a service define entity rules?
AIf the intention is for the KPIs in the service to filter to only entities assigned to the service.
BTo enable entity cohesion anomaly detection.
CIf some or all of the KPIs in the service will be split by entity.
DIf the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?
A6 months.
B9 months.
C1 year.
D3 months.
Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?
AOnly include KPIs if they will be used in multiple services.
BAnalyze the business to determine the most critical services.
CFocus on low-level services.
DDefine a large number of key services early.
Which deep dive swim lane type does not require writing SPL?
AEvent lane.
BAutomatic lane.
CMetric lane.
DKPI lane.
Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?
AService templates.
BService dependencies.
CAd-hoc search.
DService swapping.
What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)
