Splunk for Women Mid-Term Course Review
Chapter 1, Level 1
Questions and Answers List
Question
Answer
Machine data is generated by
All types of system in an organization
Machine data makes up ___% of data accumulated by organizations
90
Search requests are processed by the
Indexers
Selected fields are displayed ______ each event in the search results. a) below b) interesting fields c) other fields d) above
a) below
Only Splunk Administrators can assign selected fields (T/F)
False
What is the most efficient way to filter events in Splunk?
By time.
Machine data is always structured. (T/F)
False
How is the asterisk used in Splunk search? A) As a wildcard. B) To make a nose for your clown emoticon. C) As a place holder. D) To add up numbers.
A) As a wildcard.
Which search mode automatically decides how to return fields based on your search? a) Verbose mode b) Fast mode c) Smart mode
A) Smart
When zooming in on the event time line, a new search is run. (T/F)
False
These two searches will return the same results (T/F): "failed password" and "failed AND password"
True
What are Splunk definitions for source types, sources, hosts?
Source types: classification of data. Sources: path, network port/script from which the events originated. Hosts: hostname, IP, FQDN.
Field values are case sensitive. (T/F)
False
These are the default selected fields. a) source, sourcetype, host b) source, sourcetype, index c) source, sourcetype, timestamp d) host, source, _raw
a)source, sourcetype, host
Which search mode returns all fields? a) Verbose mode b) Fast mode c) Smart mode
a)Verbose mode
When you run a search, fast mode extracts all fields very quickly. (T/F)
True
Search terms are not case sensitive. (T/F)
True
You cannot specify a relative time range, such as 45 seconds ago, for a search. (T/F)
False
Highlighted search terms indicate _________ search results in Splunk. a) Displayed as selected fields b) Sorted c) Charted based on time d) Matching
d) Matching
Fast, optimized and verbose are all selectable search modes (T/F)
False
The search user!=* _________________. a) displays only events that contain a value for user b) displays all events c) displays only events that do NOT contain a value for user
c) displays only events that do NOT contain a value for user
The interesting fields in the fields sidebar are based on what fields you have requested in the past. (T/F)
False
These 2 searches will return exactly the same results (T/F): SEARCH 1: host=www1, SEARCH 2: host=WWW1
False
What are the 3 main processing components?
Forwarders, search heads, indexers
Search strings are sent from the _________.
Search Heads
The password for a new instance is
Created when you install Splunk
___ define what users can do in Splunk
Roles
You can launch and manage apps from the home app. (T/F)
True
3 Default Roles
Admin, Power, User
In what order are events listed?
Reverse chronological
When a search is sent to Splunk, it becomes a ___.
search job
Splunk comes with 2 default apps; what are they?
Home, Search and Report
Data is broken into single events by the ___.
Source type
An "interesting field" is one that appears in what percentage of the search results?
20%