What are the two most efficient search filters?
A. _time and host
B. _time and index
C. host and sourcetype
D. index and sourcetype
Answer: B. _time and index
Explanation: These two filters limit the amount of data that Splunk has to retrieve from disk, which is the key to fast searching. The _time filter restricts the search to a narrow time window, which reduces the number of buckets that Splunk must scan. The index filter names the index or indexes that hold the data you want, which reduces the number of files that Splunk reads.
Splunk shows data in __________________.
A. ASCII Character order
B. Reverse chronological order
C. Alphanumeric order
D. Chronological order
By default, which of the following is a Selected Field?
A. action
B. clientip
C. categoryId
D. sourcetype
When is an alert triggered?
A. When Splunk encounters a syntax error in a search
B. When a trigger action meets the predefined conditions
C. When an event in a search matches up with a data model
D. When results of a search meet a specifically defined condition
It is not possible for a single instance of Splunk to manage the input, parsing and indexing of machine data.
A. True
B. False
Answer: B. False
Which of the following is the most efficient search?
A. index=* “failed password”
B. “failed password” index=*
C. (index=* OR index=security) “failed password”
D. index=security “failed password”
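As an added illustration of the explanation of the _time and index filters above and of the index=* versus index=security question, the following Python models how a search window and an index filter reduce the number of buckets Splunk has to open. It is not Splunk's code. The bucket directory naming scheme db_<newest_epoch>_<oldest_epoch>_<id> (rb_ for replicated copies) and the rule that a bare index=* excludes internal indexes (which start with an underscore) are Splunk's; the index names, bucket times and IDs in SAMPLE_BUCKETS are constructed for the example.

```python
"""Added example (not Splunk's code): why _time and index are the cheapest filters.

Splunk keeps each index as a set of bucket directories named
db_<newest_epoch>_<oldest_epoch>_<id> (replicated copies use rb_). A search
opens only the buckets whose time span overlaps the search window, and only
in the indexes the search names. The bucket layout below is constructed.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Constructed layout: index name -> bucket directory names (one hour each,
# starting 2024-01-01 00:00:00 UTC; _internal holds one three-hour bucket).
SAMPLE_BUCKETS = {
    "security": [
        "db_1704070799_1704067200_1",  # 00:00:00-00:59:59
        "db_1704074399_1704070800_2",  # 01:00:00-01:59:59
        "db_1704077999_1704074400_3",  # 02:00:00-02:59:59
    ],
    "web": [
        "db_1704070799_1704067200_1",
        "db_1704074399_1704070800_2",
    ],
    "_internal": [
        "db_1704077999_1704067200_1",  # 00:00:00-02:59:59
    ],
}


@dataclass(frozen=True)
class Bucket:
    index: str
    name: str
    oldest: int
    newest: int


def parse_bucket(index: str, name: str) -> Bucket:
    """Parse db_<newest>_<oldest>_<id>; the rb_ prefix marks a replicated copy."""
    prefix, newest, oldest, _bucket_id = name.split("_")
    if prefix not in ("db", "rb"):
        raise ValueError(f"not a bucket directory: {name}")
    return Bucket(index, name, int(oldest), int(newest))


def resolve_indexes(layout, patterns):
    """Expand the index=... terms of a search.

    A bare '*' matches every non-internal index; internal indexes start with
    '_' and are only matched by a pattern that itself starts with '_'.
    """
    chosen = set()
    for pat in patterns:
        for idx in layout:
            if idx.startswith("_") and not pat.startswith("_"):
                continue
            if fnmatchcase(idx, pat):
                chosen.add(idx)
    return sorted(chosen)


def buckets_to_scan(layout, patterns, earliest, latest):
    """Return the buckets a search must open for the given index terms and
    search window (epoch seconds, inclusive)."""
    if earliest > latest:
        raise ValueError("earliest must not be after latest")
    hits = []
    for idx in resolve_indexes(layout, patterns):
        for name in layout[idx]:
            b = parse_bucket(idx, name)
            # Only buckets whose time span overlaps the window are opened.
            if b.oldest <= latest and b.newest >= earliest:
                hits.append(b)
    return hits


if __name__ == "__main__":
    all_time = (0, 2**31 - 1)
    window = (1704070800, 1704072600)  # 01:00-01:30 on 2024-01-01 UTC
    for label, pats, (e, l) in [
        ("index=*", ["*"], all_time),
        ("(index=* OR index=security)", ["*", "security"], all_time),
        ("index=security", ["security"], all_time),
        ("index=security earliest=01:00 latest=01:30", ["security"], window),
    ]:
        n = len(buckets_to_scan(SAMPLE_BUCKETS, pats, e, l))
        print(f"{label:45} -> {n} buckets opened")
```

On the constructed layout, index=* and (index=* OR index=security) both open all five non-internal buckets, because index=* already covers security and the OR adds nothing; index=security alone drops that to three, and adding a half-hour time window drops it to one. The search phrase ("failed password") is only matched after the candidate buckets have been chosen, so it does nothing to reduce the disk work on its own.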