In distributed search, which components need to be installed on instances other than the search head?
A. SA-IndexCreationand SA-ITSI-Licensecheckeron indexers.
B. SA-IndexCreationand SA-ITOA on indexers; SA-ITSI-Licensecheckerand SA-UserAccess on the license master.
C. SA-IndexCreationon idexers; SA-ITSI-Licensecheckerand SA-UserAccesson the license master.
D. SA-ITSI-Licensecheckeron indexers.
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
A. SA-ITOA
B. ITSI app
C. All ITSI components
D. SA-ITSI-Licensechecker
Which of the following is the best use case for configuring a Multi-KPI Alert?
A. Comparing content between two notable events.
B. Using machine learning to evaluate when data falls outside of an expected pattern.
C. Comparing anomaly detection between two KPIs.
D. Raising an alert when one or more KPIs indicate an outage is occurring.
Which of the following is a characteristic of base searches?
A. Search expression, entity splitting rules, and thresholds are configured at the base search level.
B. It is possible to filter to entities assigned to the service for calculating the metrics for the service's KPIs.
C. The fewer KPIs that share a common base search, the more efficiency a base search provides, and anomaly detection is more efficient.
D. The base search will execute whether or not a KPI needs it.
What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)
A. Creating glass tables.
B. Correlation search creation.
C. Service swapping configuration.
D. Adding KPI metric lanes to glass tables.
Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?
A. Service templates.
B. Service dependencies.
C. Ad-hoc search.
D. Service swapping.
Which deep dive swim lane type does not require writing SPL?
A. Event lane.
B. Automatic lane.
C. Metric lane.
D. KPI lane.
Which of the following items apply to anomaly detection? (Choose all that apply.)
A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform it's magic.
B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.
Which of the following is a best practice when configuring maintenance windows?
A. Disable any glass tables that reference a KPI that is part of an open maintenance window.
B. Develop a strategy for configuring a service's notable event generation when the service's maintenance window is open.
C. Give the maintenance window a buffer, for example, 15 minutes before and after actual maintenance work.
D. Change the color of services and entities that are part of an open maintenance window in the service analyzer.
In Episode Review, what is the result of clicking an episode's Acknowledge button?
A. Assign the current user as owner.
B. Change status from New to Acknowledged.
C. Change status from New to In Progress and assign the current user as owner.
D. Change status from New to Acknowledged and assign the current user as owner.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Splunk exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SPLK-3002 exam preparations and Splunk certification application, do not hesitate to visit our Vcedump.com to find your solutions here.