
Splunk Interview Questions and Answers Part – 3

Of the following, which is the best description of Splunk?

  • Splunk is a log collector.
  • Splunk is a business intelligence tool.
  • Splunk is operational intelligence that consumes and makes machine data useable and valuable. (Ans)
  • Splunk is an alerting tool.

What are the building blocks of a Splunk App?

  • Configuration files (Ans)
  • Data sources
  • Reports
  • Pivots

Where is the best place to get help for Splunk?

  • reddit.com
  • answers.splunk.com (now community.splunk.com) (Ans)
  • stackoverflow.com
  • blogs

What is the primary way in which the timechart command differs from the chart command?

  • There is no difference. timechart is just a shortcut for chart with a specified x-axis of _time.
  • timechart does not take a span argument. chart does.
  • chart forces the x-axis to be _time. timechart does not.
  • timechart forces the x-axis to be _time. chart does not. (Ans)

Another way to say | is

  • “take the output of the commands before it, then do this with the input.”
  • “take the input of the commands before it, then do this with the output.”
  • “take the output of the commands before it, then do this with the output.” (Ans)
  • “take the output of the commands after it, then do this with the output.”

What is one of the differences between a heavy forwarder and a universal forwarder?

  • A universal forwarder is a complete installation of Splunk; a heavy forwarder is a light agent.
  • A heavy forwarder is a complete installation of Splunk; a universal forwarder is a light agent. (Ans)
  • Heavy forwarders are limited in their functionality, but universal forwarders can do advanced things like route data.
  • The only difference is the type of machine you install the forwarder on.

Which search mode will Splunk default to if your search specifies fields?

  • Fast (Ans)
  • Smart
  • Verbose
  • Heavy

What is “the language of Splunk” known as?

  • SSL: Splunk Search Language
  • SQL: Splunk Query Language
  • SPL: Search Processing Language (Ans)
  • SEL: Splunk Execution Language

The default Splunk forwarding and management ports are, respectively

  • 8088, 9998
  • 9997, 8089 (Ans)
  • 9997, 8087
  • 443, 9797

Splunk assigns which three fields as default metadata?

  • host, source, sourcetype (Ans)
  • host, ip, port
  • host, hostname, source
  • host, sourcetype, ip

What is the purpose of a lookup?

  • Allows you to add custom fields to events from external sources, like csv files. (Ans)
  • Allows Splunk to examine semantic knowledge objects.
  • Allows users to build custom reports based on data models.
  • Keeps a record of all previous searches, so that Splunk can look them up later.

Searches in the search pipeline go from

  • general to specific. (Ans)
  • specific to general.
  • middle out.
  • bottom up.

What’s wrong with this search?
host=homework user=* status=failed stats count(status) BY user | rename count(status) as "Number of Failed Logins"

  • count is not a stats function.
  • You need to have a | before the stats command. (Ans)
  • The rename command is invalid because you cannot rename a field to a phrase.
  • This search is valid.
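To see why the missing pipe is the defect and not just a style slip, here is a toy SPL evaluator written for this page (an added example, not Splunk code). It supports only what the quiz search uses: a base search of key=value terms with * wildcards plus bare keywords matched against _raw, `stats count(<field>) BY <field>`, and `rename <old> as "<new>"`; it splits stages on | naively, so a | inside a quoted string would break it. The events are constructed. Without the pipe, the tokens stats, count(status), BY and user are just four more search terms that must appear in the raw event, so the base search matches nothing and the rename has no field to rename; with the pipe, stats runs on the filtered events and rename relabels its count.

```python
import fnmatch
import re
import shlex

# Constructed sample events (not real Splunk data): ssh login attempts.
EVENTS = [
    {"host": "homework", "user": "alice", "status": "failed",
     "_raw": "Jun 1 10:00:01 homework sshd: login failed for alice"},
    {"host": "homework", "user": "alice", "status": "failed",
     "_raw": "Jun 1 10:00:05 homework sshd: login failed for alice"},
    {"host": "homework", "user": "bob", "status": "failed",
     "_raw": "Jun 1 10:01:10 homework sshd: login failed for bob"},
    {"host": "homework", "user": "bob", "status": "success",
     "_raw": "Jun 1 10:01:30 homework sshd: login success for bob"},
    {"host": "webfront", "user": "carol", "status": "failed",
     "_raw": "Jun 1 10:02:00 webfront sshd: login failed for carol"},
]


def parse_pipeline(search):
    """Split on '|': the first segment is the base search, each later
    segment is a command fed the previous stage's output. Toy: a '|'
    inside a quoted string would be split too."""
    stages = [s.strip() for s in search.split("|")]
    return stages[0], stages[1:]


def base_search(events, base):
    """Keep events matching every term. key=value compares a field (with
    * wildcards); any other term is a keyword that must appear in _raw."""
    hits = []
    for ev in events:
        for term in shlex.split(base):
            if "=" in term:
                key, val = term.split("=", 1)
                if key not in ev or not fnmatch.fnmatchcase(str(ev[key]), val):
                    break
            elif term.lower() not in ev["_raw"].lower():
                break
        else:  # no term failed
            hits.append(ev)
    return hits


def cmd_stats(rows, cmd):
    """Only `stats count(<field>) BY <field>`: count rows that have <field>,
    grouped by the BY field, output sorted by group."""
    m = re.fullmatch(r"stats\s+count\((\w+)\)\s+by\s+(\w+)", cmd, re.IGNORECASE)
    if not m:
        raise ValueError(f"unsupported stats syntax: {cmd}")
    counted, by = m.groups()
    counts = {}
    for r in rows:
        if counted in r and by in r:
            counts[r[by]] = counts.get(r[by], 0) + 1
    return [{by: k, f"count({counted})": v} for k, v in sorted(counts.items())]


def cmd_rename(rows, cmd):
    """Only `rename <old> as "<new>"`; the quotes are what let the new name
    contain spaces. A field that does not exist is silently left alone."""
    m = re.fullmatch(r'rename\s+(\S+)\s+as\s+"([^"]+)"', cmd, re.IGNORECASE)
    if not m:
        raise ValueError(f"unsupported rename syntax: {cmd}")
    old, new = m.groups()
    return [{(new if k == old else k): v for k, v in r.items()} for r in rows]


COMMANDS = {"stats": cmd_stats, "rename": cmd_rename}


def run_search(search, events=EVENTS):
    """Run the base search, then pipe the rows through each command in order."""
    base, cmds = parse_pipeline(search)
    rows = base_search(events, base)
    for cmd in cmds:
        name = cmd.split()[0].lower()
        if name not in COMMANDS:
            raise ValueError(f"unknown command: {name}")
        rows = COMMANDS[name](rows, cmd)
    return rows


BROKEN = ('host=homework user=* status=failed stats count(status) BY user '
          '| rename count(status) as "Number of Failed Logins"')
FIXED = ('host=homework user=* status=failed | stats count(status) BY user '
         '| rename count(status) as "Number of Failed Logins"')

if __name__ == "__main__":
    print("broken:", run_search(BROKEN))  # [] because 'stats' became a keyword
    print("fixed: ", run_search(FIXED))
```

Running it prints an empty result for the broken search and two rows (alice: 2, bob: 1) for the fixed one. The practical lesson is the same in real Splunk: a transforming command that is not preceded by | silently turns into search terms, and the symptom is "no results" rather than a syntax error.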

Which type of authentication method does Splunk recommend for anything other than a small deployment?

  • Local
  • SAML
  • LDAP/AD (Ans)
  • Scripted

The rare command returns ____, while the top command returns ____.

  • a visualization with _time on the x axis; a visualization with a specified field on the x axis
  • limits; thresholds
  • least common values; most common values (Ans)
  • top ten common values; top ten uncommon values

The Enterprise Trial license is valid for ____, after which point it converts to a ____ license.

  • 60 days; free (Ans)
  • 30 days; limited functionality
  • 30 days; free
  • 60 days; limited functionality

Heavy forwarders

  • require a universal license.
  • require an enterprise license.
  • do not require a license.
  • require a forwarder license. (Ans)

Of the following, which best describes the difference between a tag and an event type?

  • There is no difference.
  • Tags are more complex knowledge objects than event types.
  • Tags are much more powerful than event types, because they can contain multiple fields.
  • Event types can contain multiple fields, while tags can only contain one. (Ans)

Which of the following is not one of the four major functions of Splunk?

  • Parsing
  • Input
  • Compressing (Ans)
  • Indexing
  • Searching

The structure of Splunk configuration files is:

  • key=value [stanza]
  • [stanza] [sub-stanza]
  • [stanza] attribute=value (Ans)
  • savedsearch=value [stanza]
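The [stanza] attribute=value layout is simple enough to parse by hand, and doing so also shows how Splunk resolves a setting when the same stanza appears in more than one file. The following is an added example written for this page, not Splunk's own parser: it reads .conf text into stanzas, merges layers lowest precedence first (as etc/system/default is layered under etc/system/local), applies the file-wide [default] stanza, and extracts the host:port targets from a tcpout group. The two outputs.conf snippets are constructed; the attribute names (server, defaultGroup, compressed, sendCookedData) are real outputs.conf settings, and 9997 in the sample is the default receiving port from the question above.

```python
import re

STANZA_RE = re.compile(r"^\[(.+)\]$")


def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {attribute: value}}.
    A line is either a '[stanza]' header or 'attribute = value'; '#' starts
    a comment; attribute names keep their case. Attributes that appear
    before any header go into the implicit [default] stanza."""
    stanzas = {}
    current = "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA_RE.match(line)
        if m:
            current = m.group(1).strip()
            stanzas.setdefault(current, {})
            continue
        if "=" not in line:
            raise ValueError(f"neither a stanza header nor attribute=value: {raw!r}")
        attr, value = (part.strip() for part in line.split("=", 1))
        stanzas.setdefault(current, {})[attr] = value
    return stanzas


def merge_layers(*layers):
    """Merge parsed files lowest precedence first, the way Splunk layers
    etc/system/default under etc/system/local: a later layer's attribute
    replaces the earlier value; attributes it does not mention survive."""
    merged = {}
    for layer in layers:
        for stanza, attrs in layer.items():
            merged.setdefault(stanza, {}).update(attrs)
    return merged


def effective(stanzas, stanza):
    """A stanza's settings after applying the file-wide [default] stanza:
    [default] values hold unless the stanza sets the attribute itself."""
    result = dict(stanzas.get("default", {}))
    result.update(stanzas.get(stanza, {}))
    return result


def forward_targets(stanzas, group):
    """(host, port) pairs a forwarder would send to for one tcpout group.
    Each server entry must be host:port; an entry without a numeric port
    is rejected rather than silently assumed to be 9997."""
    servers = effective(stanzas, f"tcpout:{group}").get("server", "")
    targets = []
    for entry in servers.split(","):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.partition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"server entry needs host:port, got {entry!r}")
        targets.append((host, int(port)))
    return targets


# Constructed outputs.conf layers (assumed content, not from a real deployment).
DEFAULT_OUTPUTS = """\
[default]
sendCookedData = true
compressed = false

[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.com:9997
"""

LOCAL_OUTPUTS = """\
# local/ wins over default/: add a second indexer and turn on compression
[tcpout:primary_indexers]
server = idx1.example.com:9997, idx2.example.com:9997
compressed = true
"""


def example():
    """Resolve the effective tcpout settings across both layers."""
    conf = merge_layers(parse_conf(DEFAULT_OUTPUTS), parse_conf(LOCAL_OUTPUTS))
    return effective(conf, "tcpout:primary_indexers"), forward_targets(conf, "primary_indexers")


if __name__ == "__main__":
    settings, targets = example()
    print(settings)
    print(targets)
```

The resolved stanza keeps sendCookedData from [default], takes compressed and the two-indexer server list from the local layer, and yields both indexers on port 9997. On a real instance the same resolution is what `splunk btool outputs list --debug` prints, with the file each value came from; checking that output before trusting a forwarder's configuration is the habit this example is meant to build.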
