Which is not a comparison operator in Splunk?
A. <=
B. =
C. !=
D. >
E. ?=
?=
Query - status != 100:
A. Will return events where the status field exists but the value of that field is not 100.
B. Will return events where the status field exists but the value of that field is not 100, and all events where the status field doesn't exist.
C. Will get different results depending on the data.
Which component of Splunk is primarily responsible for saving data?
A. Search Head
B. Heavy Forwarder
C. Indexer
D. Universal Forwarder
At the time of searching, the start time is 03:35:08.
Will it look back to 03:00:00 if we use -30m@h in the search?
A. Yes
B. No
What determines the scope of data that appears in a scheduled report? A. All data accessible to the User role will appear in the report.
A. All data accessible to the owner of the report will appear in the report.
B. All data accessible to all users will appear in the report until the next time the report is run.
C. The owner of the report can configure permissions so that the report uses either the User role or the owner’s profile at run time.
D. All of the above
All of the above
Which Boolean operator is always implied between two search terms, unless otherwise specified?
A. OR
B. NOT
C. AND
D. XOR
AND