Exam Details

  • Exam Code: SPLK-3002
  • Exam Name: Splunk IT Service Intelligence Certified Admin
  • Certification: Splunk Certifications
  • Vendor: Splunk
  • Total Questions: 53 Q&As
  • Last Updated: Mar 24, 2025

Splunk Splunk Certifications SPLK-3002 Questions & Answers

  • Question 11:

    Which of the following describes enabling smart mode for an aggregation policy?

    A. Configure -> Policies -> Smart Mode -> Enable, select “fields”, click “Save”

    B. Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”

    C. Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”

    D. Edit the notable event view, enable smart mode, select “fields”, and click “Save”

  • Question 12:

    Which of the following are the default ports that must be configured on Splunk to use ITSI?

    A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

    B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

    C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

    D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

  • Question 13:

    Which index contains ITSI Episodes?

    A. itsi_tracked_alerts

    B. itsi_grouped_alerts

    C. itsi_notable_archive

    D. itsi_summary

  • Question 14:

    Within a correlation search, dynamic field values can be specified with what syntax?

    A. fieldname

    B.

    C. %fieldname%

    D. eval(fieldname)

  • Question 15:

    In maintenance mode, which features of KPIs still function?

    A. KPI searches will execute but will be buffered until the maintenance window is over.

    B. KPI searches still run during maintenance mode, but results go to the itsi_maintenance_summary index.

    C. New KPIs can be created, but existing KPIs are locked.

    D. KPI calculations and threshold settings can be modified.

  • Question 16:

    Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)

    A. Ping a host.

    B. Send email.

    C. Include in RSS feed.

    D. Run a script.

  • Question 17:

    Which capabilities are enabled through “teams”?

    A. Teams allow searches against the itsi_summary index.

    B. Teams restrict notable event alert actions.

    C. Teams restrict searches against the itsi_notable_audit index.

    D. Teams allow restrictions to service content in UI views.

  • Question 18:

    Which of the following describes a way to delete multiple duplicate entities in ITSI?

    A. Via a CSV upload.

    B. Via the entity lister page.

    C. Via a search using the | deleteentity command.

    D. All of the above.

  • Question 19:

    Where are KPI search results stored?

    A. The default index.

    B. KV Store.

    C. Output to a CSV lookup.

    D. The itsi_summary index.

  • Question 20:

    Which ITSI functions generate notable events? (Choose all that apply.)

    A. KPI threshold breaches.

    B. KPI anomaly detection.

    C. Multi-KPI alert.

    D. Correlation search.
