SPLK-1003 Splunk Enterprise Certified Admin


Course Description
This course teaches you how to search and navigate in Splunk, use fields, get statistics from your data, create reports, dashboards, lookups, and alerts. Scenario-based examples and hands-on challenges will enable you to create robust searches, reports, and charts. It will also introduce you to Splunk’s datasets features and Pivot interface.

Course Topics
Introduction to Splunk’s interface
Basic searching
Using fields in searches
Search fundamentals
Transforming commands
Creating reports and dashboards
Datasets
The Common Information Model (CIM)
Creating and using lookups
Scheduled Reports
Alerts
Using Pivot

Course Objectives

Module 1 – Introduction
Overview of Buttercup Games Inc.

Module 2 – What is Splunk?
Splunk components
Installing Splunk
Getting data into Splunk

Module 3 – Introduction to Splunk’s User Interface
Understand the uses of Splunk
Define Splunk Apps
Customizing your user settings
Learn basic navigation in Splunk

Module 4 – Basic Searching
Run basic searches
Use autocomplete to help build a search
Set the time range of a search
Identify the contents of search results
Refine searches
Use the timeline
Work with events
Control a search job
Save search results

Module 5 – Using Fields in Searches
Understand fields
Use fields in searches
Use the fields sidebar

Module 6 – Search Language Fundamentals
Review basic search commands and general search practices
Examine the search pipeline
Specify indexes in searches
Use autocomplete and syntax highlighting
Use SPL search commands to perform searches:

Module 7 – Using Basic Transforming Commands
The top command
The rare command
The stats command

Module 8 – Creating Reports and Dashboards
Save a search as a report
Edit reports
Create reports that include visualizations such as charts and tables
Create a dashboard
Add a report to a dashboard
Edit a dashboard

Module 9 – Datasets and the Common Information Model
Naming conventions
What are datasets?
What is the Common Information Model (CIM)?

Module 10 – Creating and Using Lookups
Describe lookups
Create a lookup file and create a lookup definition
Configure an automatic lookup

Module 11 – Creating Scheduled Reports and Alerts
Describe scheduled reports
Configure scheduled reports
Describe alerts
Create alerts
View fired alerts

Module 12 – Using Pivot
Describe Pivot
Understand the relationship between data models and pivot
Select a data model object
Create a pivot report
Create an instant pivot from a search
Add a pivot report to a dashboard

Question: 1
Which setting in indexes.conf allows data retention to be controlled by time?

A. maxDaysToKeep
B. moveToFrozenAfter
C. maxDataRetentionTime
D. frozenTimePeriodInSecs

Answer: B

Question: 2
The universal forwarder has which capabilities when sending data? (select all that apply)

A. Sending alerts
B. Compressing data
C. Obfuscating/hiding data
D. Indexer acknowledgement

Answer: D

Question: 3
In case of a conflict between a whitelist and a blacklist input setting, which one is used?

A. Blacklist
B. Whitelist
C. They cancel each other out.
D. Whichever is entered into the configuration first.

Answer: B

Question: 4
In which Splunk configuration is the SEDCMD used?

A. props.conf
B. inputs.conf
C. indexes.conf
D. transforms.conf

Answer: A

 
