SPLK-2002 Splunk Enterprise Certified Architect Exam
Course Description
This course focuses on searching and reporting commands as well as on the creation of knowledge objects. Major topics include using transforming commands and visualizations, filtering and formatting results, correlating events, creating knowledge objects, using field aliases and calculated fields, creating tags and event types, using macros, creating workflow actions and data models, and normalizing data with the Common Information Model (CIM).
Course Prerequisites
Splunk Fundamentals 1
Course Topics
Transforming commands and visualization
Filtering and formatting results
Correlating events
Knowledge objects
Fields (Field aliases, field extractions, calculated fields)
Tags and event types
Macros
Workflow actions
Data models
Splunk Common Information Model (CIM)
Course Objectives
Module 1 – Introduction
Overview of Buttercup Games Inc.
Lab environment
Module 2 – Beyond Search Fundamentals
Search fundamentals review
Case sensitivity
Using the job inspector to view search performance
Module 3 – Using Transforming Commands for Visualizations
Explore data structure requirements
Explore visualization types
Create and format charts and timecharts
Module 4 – Using Mapping and Single Value Commands
The iplocation command
The geostats command
The geom command
The addtotals command
Module 5 – Filtering and Formatting Results
The eval command
Using the search and where commands to filter results
The fillnull command
Module 6 – Correlating Events
Identify transactions
Group events using fields
Group events using fields and time
Search with transactions
Report on transactions
Determine when to use transactions vs. stats
Module 7 – Introduction to Knowledge Objects
Identify naming conventions
Review permissions
Manage knowledge objects
Module 8 – Creating and Managing Fields
Perform regex field extractions using the Field Extractor (FX)
Perform delimiter field extractions using the FX
Module 9 – Creating Field Aliases and Calculated Fields
Describe, create, and use field aliases
Describe, create, and use calculated fields
Module 10 – Creating Tags and Event Types
Create and use tags
Describe event types and their uses
Create an event type
Module 11 – Creating and Using Macros
Describe macros
Create and use a basic macro
Define arguments and variables for a macro
Add and use arguments with a macro
Module 12 – Creating and Using Workflow Actions
Describe the function of GET, POST, and Search workflow actions
Create a GET workflow action
Create a POST workflow action
Create a Search workflow action
Module 13 – Creating Data Models
Describe the relationship between data models and pivot
Identify data model attributes
Create a data model
Use a data model in pivot
Module 14 – Using the Common Information Model (CIM) Add-On
Describe the Splunk CIM
List the knowledge objects included with the Splunk CIM Add-On
Use the CIM Add-On to normalize data
QUESTION 1
Which of the following will cause the greatest reduction in disk size requirements for a cluster of N indexers running Splunk Enterprise Security?
A. Setting the cluster search factor to N-1.
B. Increasing the number of buckets per index.
C. Decreasing the data model acceleration range.
D. Setting the cluster replication factor to N-1.
Correct Answer: D
QUESTION 2
Stakeholders have identified high availability for searchable data as their top priority.
Which of the following best addresses this requirement?
A. Increasing the search factor in the cluster.
B. Increasing the replication factor in the cluster.
C. Increasing the number of search heads in the cluster.
D. Increasing the number of CPUs on the indexers in the cluster.
Correct Answer: B
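Questions 1 and 2 both turn on the difference between the replication factor (RF, the number of rawdata copies held across the peers) and the search factor (SF, the number of those copies that also carry searchable index files). The following is an added worked example, not part of the exam page or of Splunk's own tooling: it sizes cluster disk with the commonly quoted capacity-planning rules of thumb (compressed rawdata about 15% of ingested volume, index files about 35%; both ratios are assumptions for this example, and data model acceleration summaries are not modelled), enforces the constraint SF <= RF <= number of peers, and shows which lever removes more disk and how many copies survive peer failures. The 200 GB/day, 90-day, three-peer scenario is constructed.

```python
"""Rule-of-thumb sizing and availability arithmetic for a Splunk indexer cluster.

Added example for the SPLK-2002 questions above; not Splunk's code.
Ratios below are assumed capacity-planning rules of thumb, not figures
from this page.
"""

RAW_RATIO = 0.15    # compressed rawdata as a fraction of ingested bytes (assumed)
INDEX_RATIO = 0.35  # index (tsidx) files as a fraction of ingested bytes (assumed)


def factors_valid(rf, sf, n_indexers):
    """Splunk accepts a cluster only when 1 <= SF <= RF <= number of peers."""
    return 1 <= sf <= rf <= n_indexers


def cluster_disk_gb(daily_ingest_gb, retention_days, rf, sf, n_indexers):
    """Total disk (GB) consumed across the whole cluster for the retained window.

    Every rawdata copy costs RAW_RATIO of the ingested volume; every
    searchable copy additionally costs INDEX_RATIO for its index files.
    """
    if not factors_valid(rf, sf, n_indexers):
        raise ValueError("need 1 <= search factor <= replication factor <= peers")
    per_day_gb = daily_ingest_gb * (RAW_RATIO * rf + INDEX_RATIO * sf)
    return per_day_gb * retention_days


def compare_n_minus_1(daily_ingest_gb, retention_days, n_indexers):
    """Disk saved by lowering SF to N-1 versus lowering RF to N-1.

    Starts from a fully replicated cluster (RF = SF = N).  Lowering SF only
    drops one set of index files.  Lowering RF below SF is not allowed, so SF
    must fall with it: one rawdata copy AND one index-file copy are removed.
    """
    n = n_indexers
    baseline = cluster_disk_gb(daily_ingest_gb, retention_days, n, n, n)
    sf_down = cluster_disk_gb(daily_ingest_gb, retention_days, n, n - 1, n)
    rf_down = cluster_disk_gb(daily_ingest_gb, retention_days, n - 1, n - 1, n)
    return {
        "baseline_gb": round(baseline, 1),
        "sf_to_n_minus_1_saves_gb": round(baseline - sf_down, 1),
        "rf_to_n_minus_1_saves_gb": round(baseline - rf_down, 1),
    }


def copies_after_failures(rf, sf, failed_peers):
    """Worst-case copies left when failed_peers peers go down at once.

    Assumes each failed peer held both a searchable and a rawdata copy of the
    bucket.  The bucket stays searchable without any rebuild while at least
    one searchable copy remains, and is recoverable (the manager can make a
    raw copy searchable again) while at least one rawdata copy remains.
    """
    return {
        "searchable": max(sf - failed_peers, 0),
        "raw": max(rf - failed_peers, 0),
        "recoverable": rf - failed_peers >= 1,
    }


if __name__ == "__main__":
    # Constructed scenario: 200 GB/day ingest, 90-day retention, 3 indexers.
    print(compare_n_minus_1(200, 90, 3))
    for k in range(4):
        print(k, "peers down:", copies_after_failures(rf=3, sf=2, failed_peers=k))
```

With the constructed numbers the fully replicated three-peer cluster needs 27,000 GB; taking the search factor to 2 saves 6,300 GB, while taking the replication factor to 2 (which forces the search factor down with it) saves 9,000 GB. The failure table shows why the two factors are tuned separately: with RF=3 and SF=2, one peer loss still leaves an immediately searchable copy, two losses leave only a raw copy that must be rebuilt before it can be searched, and three losses lose the bucket.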
QUESTION 3
Search dashboards in the Monitoring Console indicate that the distributed deployment is approaching its capacity.
Which of the following options will provide the most search performance improvement?
A. Replace the indexer storage to solid state drives (SSD).
B. Add more search heads and redistribute users based on the search type.
C. Look for slow searches and reschedule them to run during an off-peak time.
D. Add more search peers and make sure forwarders distribute data evenly across all indexers.
Correct Answer: C