Splunk Parte..2

1

True or False: Once you rename a field, the new field name must be used in the rest of the search string.

FALSE

TRUE

2

At search time, if an event has an equal(=) sign, the data to the left is treated as a and the data to the right is treated as a .

field name, value

field name, sourcetype

lookup, sourcetype

lookup, value

3

Which of the following fields are default selected fields?

host, source

host, sourcetype

index

host, source, sourcetype

4

True or False: Fields are knowledge objects.

FALSE

TRUE

5

At search time, _______ extracts fields from raw event data.

fields command

field extractor

field Discovery

6

In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events.

15%

5%

50%

20%

7

To remove fields from a search, you would use the _________ command.

+fields

fields-

fields+

-fields

8

The fields command allows you to do which of the following? Select all that apply.

Exclude fields (fields -), Include fields (fields +)

Exclude fields (fields -), Include fields (fields), Include fields (fields +)

Include fields (fields), Exclude fields (fields -)

Quiz parte 2 sobre Splunk.

True or False: Once you rename a field, the new field name must be used in the rest of the search string.

At search time, if an event has an equal(=) sign, the data to the left is treated as a and the data to the right is treated as a .

Which of the following fields are default selected fields?

True or False: Fields are knowledge objects.

At search time, _______ extracts fields from raw event data.

In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events.

To remove fields from a search, you would use the _________ command.

The fields command allows you to do which of the following? Select all that apply.

Splunk parte..2

Intro to Splunk

Splunk Visualizações

Splunk parte. 3

Search Under The Hood

Quiz, teste Hacker.

Quiz sobre conhecimentos ExplendGE

Quiz sobre conhecimentos ExplendGE SQL 20.07.2023

QUIZ Informática FISK - Aula 6

Quiz sobre conhecimentos ExplendGE 02.08.2023

Responda o Quiz sobre o Snovio

Quiz sobre conhecimentos ExplendGE 04.08.2023

Splunk parte..2

Quiz parte 2 sobre Splunk.

True or False: Once you rename a field, the new field name must be used in the rest of the search string.

At search time, if an event has an equal(=) sign, the data to the left is treated as a ______ and the data to the right is treated as a ______.

Which of the following fields are default selected fields?

True or False: Fields are knowledge objects.

At search time, _______ extracts fields from raw event data.

In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events.

To remove fields from a search, you would use the _________ command.

The fields command allows you to do which of the following? Select all that apply.

Splunk parte..2

Intro to Splunk

Splunk Visualizações

Splunk parte. 3

Search Under The Hood

Quiz, teste Hacker.

Quiz sobre conhecimentos ExplendGE

Quiz sobre conhecimentos ExplendGE SQL 20.07.2023

QUIZ Informática FISK - Aula 6

Quiz sobre conhecimentos ExplendGE 02.08.2023

Responda o Quiz sobre o Snovio

Quiz sobre conhecimentos ExplendGE 04.08.2023

At search time, if an event has an equal(=) sign, the data to the left is treated as a and the data to the right is treated as a .