A.
If the intention is for the KPIs in the service to filter to only entities assigned to the service.
B.
To enable entity cohesion anomaly detection.
C.
If some or all of the KPIs in the service will be split by entity.
D.
If the intention is for the KPIs in the service to have different aggregate vs. entity KPI values.
Answer:
A
Explanation: Provide a value to filter the service to a specific set of entities. These entity rule values are meant to be custom for each service. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/EntityRules
User Votes:
A 1 votes
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 3
Which of the following is a valid type of Multi-KPI Alert?
When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)
A.
Copy SA-IndexCreation to all indexers.
B.
Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
C.
Extract installer package into etc/apps directory of the cluster deployer node.
D.
Extract ITSI app package into etc/apps directory of search head.
Answer:
A
Explanation: CopySA-IndexCreationto$SPLUNK_HOME/etc/apps/on all individual indexers in your environment. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallSHC
User Votes:
A 1 votes
50%
B
50%
C
50%
D 1 votes
50%
Discussions
0/ 1000
Question 5
Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)
A.
A pre-configured default ITSI backup job is provided that can be modified, but not deleted.
B.
ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.
C.
kvstore_to_json.py can be used in scripts or command line to backup ITSI for full or partial backups.
D.
ITSI backups are stored as a collection of JSON formatted files.
Answer:
C, D
Explanation: ITSI provides akvstore_to_json.pyscript that lets you backup/restore ITSI configuration data, perform bulk service KPI operations, apply time zone offsets for ITSI objects, and regenerate KPI search schedules. When you run a backup job, ITSI saves your data to a set of JSON files compressed into a single ZIP file. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/kvstorejson https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/BackupandRestoreITSIconfig
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
How do you automatically restrict a KPI to only the entities in its service, and generate KPI values for each entity?
A.
Select “Yes” for both “Split by Entity” and “Filter to Entities in Service”.
B.
Select “No” for “Split by Entity” and “Yes” for “Filter to Entities in Service”.
C.
Select “Yes” for “Split by Entity” and “No” for “Filter to Entities in Service”.
D.
Select “No” for both “Split by Entity” and “Filter to Entities in Service”.
There are two departments using ITSI. Finance and Sales. Analysts in each department should not be allowed to see each others services. What are the role configuration steps required to accomplish this?
A.
itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
B.
itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
C.
itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.
D.
itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.
Answer:
C
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 8
For which ITSI function is it a best practice to use a 15-30 minute time buffer?
A.
Correlation searches.
B.
Adaptive thresholding.
C.
Maintenance windows
D.
Anomaly detection.
Answer:
C
Explanation: It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 9
Which of the following is a good use case regarding defining entities for a service?
A.
Automatically associate entities to services using multiple entity aliases.
B.
All of the entities have the same identifying field name.
C.
Being able to split a CPU usage KPI by host name.
D.
KPI total values are aggregated from multiple different category values in the source events.
Answer:
A
Explanation: Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Entity/About
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
Which of the following are the default ports that must be configured on Splunk to use ITSI?
A.
SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)
B.
SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)
C.
SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)
D.
SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)
B.
Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”
C.
Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”
D.
Edit the notable event view, enable smart mode, select “fields”, and click “Save”
Answer:
A
Explanation: 1. From the ITSI main menu, clickConfiguration>Notable Event Aggregation Policies. 2. Select a custom policy or the Default Policy. 3. Under Smart Mode grouping, enableSmart Mode. 4. ClickSelect fields. A dialog displays the fields found in your notable events from the last 24 hours. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/SmartMode
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 12
Which of the following best describes a default deep dive?
A.
It initially shows the health scores for all services.
B.
It initially shows the highest importance KPIs.
C.
It initially shows all of the KPIs for a selected service.
In maintenance mode, which features of KPIs still function?
A.
KPI searches will execute but will be buffered until the maintenance window is over.
B.
KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C.
New KPIs can be created, but existing KPIs are locked.
D.
KPI calculations and threshold settings can be modified.
Answer:
A
Explanation: It's a best practice to schedule maintenance windows with a 15- to 30-minute time buffer before and after you start and stop your maintenance work. This gives the system an opportunity to catch up with the maintenance state and reduces the chances of ITSI generating false positives during maintenance operations. Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 15
Within a correlation search, dynamic field values can be specified with what syntax?