The command shown here does which of the following: Command: |outputlookup products.csv
A.
Writes search results to a file named products.csv
B.
Returns the contents of a file named products.csv
Writes search results to a file named products.csv
Which of the following are not true about lookups? (Select all that apply.)
A.
Lookups can be time based
B.
Search results can be used to populate a lookup table
C.
Splunk DB Connect can be used to populate a lookup table from relational databases
D.
Output from a script can be used to populate a lookup table
E.
Lookups have a 10mg maximum size limit
Lookups have a 10mg maximum size limit
Lookups allow you to overwrite your raw event.
A.
True
B.
False
True
It is mandatory for the lookup file to have this for an automatic lookup to work.
A.
Source type
B.
At least five columns
C.
Timestamp
D.
Input field
Input field
By default, all users have DELETE permission to ALL knowledge objects.
A.
True
B.
False
False
These users can create global knowledge objects. (Select all that apply.)
A.
users
B.
power users
C.
administrators
power users
administrators
All users by default have WRITE permission to ALL knowledge objects.
A.
True
B.
False
False
Creating Data Models:
Object ATTRIBUTES do not define _____.
A.
a base search for the object
B.
fields for the object
a base search for the object
Creating Data Models:
Fields associated with a data set are known as _____.
A.
Attributes
B.
Constraints
Attributes
Splunk Components:
Which of the following are responsible for reducing search results?
A. search heads
B. indexer
C. forwarders
D.
Splunk Components:
Which of the following are responsible for parsing incoming data and storing data on disc?
A.
forwarders
B.
indexers
C.
search heads
indexers
This is what Splunk uses to categorize the data that is being indexed.
A.
sourcetype
B.
index
C.
source
D.
host
sourcetype