Splunk SPLK-3002 Splunk IT Service Intelligence Certified Admin Exam Online Training
Splunk SPLK-3002 Online Training
The questions for SPLK-3002 were last updated at Apr 23,2024.
- Exam Code: SPLK-3002
- Exam Name: Splunk IT Service Intelligence Certified Admin Exam
- Certification Provider: Splunk
- Latest update: Apr 23,2024
Which scenario would benefit most by implementing ITSI?
- A . Monitoring of business services functionality.
- B . Monitoring of system hardware.
- C . Monitoring of system process statuses
- D . Monitoring of retail sales metrics.
A
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AboutSI
When in maintenance mode, which of the following is accurate?
- A . Once the window is over, KPIs and notable events will begin to be generated again.
- B . KPIs are shown in blue while in maintenance mode.
- C . Maintenance mode slots are scheduled on a per hour basis.
- D . Service health scores and KPI events are deleted until the window is over.
A
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/REBestPractice
What effects does the KPI importance weight of 11 have on the overall health score of a service?
- A . At least 10% of the KPIs will go critical.
- B . Importance weight is unused for health scoring.
- C . The service will go critical.
- D . It is a minimum health indicator KPI.
D
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/KPIImportance#:~:text=ITSI%20considers%20KPIs%20that%20have,other%20KPIs%20in%20the%20service
Which of the following is a good use case regarding defining entities for a service?
- A . Automatically associate entities to services using multiple entity aliases.
- B . All of the entities have the same identifying field name.
- C . Being able to split a CPU usage KPI by host name.
- D . KPI total values are aggregated from multiple different category values in the source events.
A
Explanation:
Define entities before creating services. When you configure a service, you can specify entity matching rules based on entity aliases that automatically add the entities to your service.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Entity/About
What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)
- A . Creating glass tables.
- B . Correlation search creation.
- C . Service swapping configuration.
- D . Adding KPI metric lanes to glass tables.
A,C,D
Explanation:
Create a glass table to visualize and monitor the interrelationships and dependencies across your IT and business services.
The service swapping settings are saved and apply the next time you open the glass table. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. Glass tables show real-time data generated by KPIs and services.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview
When changing a service template, which of the following will be added to linked services by default?
- A . Thresholds.
- B . Entity Rules.
- C . New KPIs.
- D . Health score.
B
Explanation:
Link multiple services to a service template to manage them collectively in IT Service Intelligence (ITSI). A service can only be linked to one service template at a time. When you link a service to a service template, any existing KPIs in the service are preserved and KPIs in the template are added to the service. You can choose to append, replace, or keep entity rules.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/LinkST
After a notable event has been closed, how long will the meta data for that event remain in the KV Store by default?
- A . 6 months.
- B . 9 months.
- C . 1 year.
- D . 3 months.
A
Explanation:
By default, notable event metadata is archived after six months to keep the KV store from growing too large.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections
What should be considered when onboarding data into a Splunk index, assuming that ITSI will need to use this data?
- A . Use | stats functions in custom fields to prepare the data for KPI calculations.
- B . Check if the data could leverage pre-built KPIs from modules, then use the correct TA to onboard the data.
- C . Make sure that all fields conform to CIM, then use the corresponding module to import related services.
- D . Plan to build as many data models as possible for ITSI to leverage
B
Explanation:
Reference: https://newoutlook.it/download/book/splunk/advanced-splunk.pdf
Which of the following best describes a default deep dive?
- A . It initially shows the health scores for all services.
- B . It initially shows the highest importance KPIs.
- C . It initially shows all of the KPIs for a selected service.
- D . It initially shows all the entity swim lanes.
D
Explanation:
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/DeepDives
When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
- A . SA-ITOA
- B . ITSI app
- C . All ITSI components
- D . SA-ITSI-Licensechecker
D
Explanation:
Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads.
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/Install/InstallDD