Splunk Quiz
1
Splunk flow is
- Index, Search, Add knowledge, Monitor/Alert, Report/Analyse
- Index, Add knowledge, Search, Monitor/Alert, Report/Analyse
- Index, Add knowledge, Search, Report/Analyse, Monitor/Alert
- None of the above
2
An existing license can be merged with another license
- FALSE
- TRUE
3
Dashboard is portable
- TRUE
- FALSE
4
Deployment server is used for
- Deploy the apps in Splunk
- Deploy the apps in multiple apps in a group of Splunk servers.
- Distributing configurations, apps, and content updates in a Splunk server
- Distributing configurations, apps, and content updates to groups of Splunk
5
Splunk access can be merged with an LDAP directory
- TRUE
- FALSE
6
Extracted field can be shared across the data sources
- TRUE
- FALSE
7
Access Roles are
- ADMIN
- ADMIN, USERS
- ADMIN/POWER USERS/USERS
- ADMIN/POWER USERS
8
POWER USERS role is
- This role has the most capabilities assigned to it.
- This role can edit all shared objects (saved searches, etc) and alerts, tag events, and other similar tasks.
- This role can create and edit its own saved searches, run searches, edit its own preferences, create and edit event types, and other similar tasks.
- All of the above
9
Index file is not portable and specific to the installed instance.
- TRUE
- FALSE
10
Default index size is
- 50 MB
- 50 GB
- 500 MB
- 500 GB
11
Regular expression to capture the specific name within a statement is
- “NAME”
- {NAME}
- [NAME]
- <NAME>
12
Splunk breaks up data into events and gives each a timestamp, host, source, and sourcetype automatically.
- TRUE
- FALSE
13
Splunk search result can be saved as — format
- XML
- txt
- CSV
- JSON
14
Event types can help you automatically identify events based on source data
- TRUE
- FALSE
15
Alert can send
- Trigger script
- RSS Feed
- All of the above
16
Transaction is any group of conceptually related events that span time
- TRUE
- FALSE
17
Lookup is used for
- Allows you to refer to external data
- Data not to be indexed in Splunk
- Add more fields in the results
- All of the above
18
Lookup has capability of
- File-based lookup
- Table-based lookup
- Script-based lookup
- None of the above
19
Summary index is used for
- Efficiently report on large volumes of data
- Build a rolling report that shows aggregated statistics over a short period of time
- Searches or reports that may take several minutes or more to complete can be generated quickly
- All of the above
20
Backfill is used for
- Remove duplicate data in the source
- Remove duplicates in the indexer
- Fill the summary index
- Schedule the job
21
What are forwarders
- Forwarders are small instances of Splunk that allow you to gather data and “forward” it to a central Splunk server or servers
- Sometimes they are the only way to get data from production to your index
- As we will see, they are also often the best way to gather data
- None of the above
22
“Heavy” forwarder is
- Full Splunk instance – does everything but write data to index
- Splunk Web can be used
- Breaks data into events before forwarding
- Can handle content-based routing
23
Forwarder can be managed using deployment server
- TRUE
- FALSE
24
Default forwarder port is
- 8000
- 9997
- 9977
- 8001
25
How to create a search-time field
- Edit config files
- Field Extractor
- rex command in the search language
- All of the above
26
Data size and retention times are set on
- Host based
- Index based
- Source based
- Source type based
27
Cold and frozen data are available for searching
- TRUE
- FALSE
28
_thefishbucket
- Splunk stores file information for its SOS function
- Splunk stores file information for its errorlog function
- Splunk stores file information for its alert function
- Splunk stores file information for its monitor function
29
Multiple search heads can share only configuration data
- TRUE
- FALSE
30
Splunk consumes it and ignores all other files in the set
- Blacklisted
- whitelisted
- regex
- None of the above