____ and ____ allow you to drill down by default to see the underlying events.

Statistics and Visualizations

The Common constraints for the top command are?

limit
countfield
showperc

What is the limit= to when you click the Top values in a field window?

The limit is =20

3
Limit=0 returns how many results

Unlimited results

4
By default what is the name of the countfield?

Count

5
Shows the number of events that match the search criteria

stats count

6
Returns a count of unique values for a given field?

distinct_count, dc

7
Shows all values of a given field?

list

8
Shows unique values of a given field?

values

9
What are saved searches?

Reports

10
Does running a report return fresh results each time you run it?

Yes!

11
____ and ____ allow you to drill down by default to see the underlying events.

Statistics and Visualizations

12
Can reports be shard and added to dashboards?

Yes!

13
The report is saved with the time range that was selected when it was created. True
or False?

True!

14
Adding a time range picker allows you to do what to the Report?

It allows you to adjust the time range of the Report when you run it.

15
What are the dialog buttons when creating a report?

1. Continue Editing
2. Add to Dashboard
3. View - allows you to display and rerun the report

16
There are 3 main ways to create tables and visualizations in Splunk. What are they?

1. Select a field from the fields sidebar and choose a report to run

2. User the Pivot interface

-Start with a dataset or Instant Pivot

3. Use the Splunk search language transforming commands in the Search bar.

17
Numeric fields have 6 report types with mathematical functions, what are they?

1. Average over time

2. Maximum value over time
3. Minimum value over time
4. Top values
5. Top values by time
6. Rare values

18
For alphanumeric character fields, there are only 3 available reports, what are
they?

1. Top values
2. Top values by time
3. Rare values

19
When updating visualization settings like the min/max, how soon are the new
settings reflected?

Immediately!!

20
Switch to what tab in order to view the data as a table?
Statistics!

21
What is a dashboard?

A dashboard consists of one or more panels displaying data visually in a useful way
- such as events, tables, or charts.

Page 150 Mod 10

22
Why create panels from reports?

It is efficient to create most dashboard panels based on reports because

- a single report can be used across different dashboards
- this links the report definition to the dashboard

Any change to the underlying report affects every dashboard panel that utilizes
that report.

Page 154 Mod 10

23
Dashboards can be exported as...

as a PDF or Printed

The selection screen screen under Export shows:

PDF
Schedule PDF Delivery
Print

Page 160 Mod 10

24
How do you create an Instant Pivot?

1. Execute a search (search criteria only, no search commands)

2. Click the Statistics or Visualization tab
3. Click the Pivot icon
4. Select the fields to be included in the data model object
5. Create the pivot (table or chart)

25
When saving a Pivot as a Report what is required?

The Model Title because this creates the Data Model

26
What is a lookup?

Sometimes static (or relatively unchanging) data is required for searches but isn't
available in the index

Lookups pull such data from standalone files at search time and add it to search
results

27
*NOTE: Lookups allow you to add more fields to your events, such as:
- Descriptions for HTTP status codes ("File Not Found", "Service Unavailable")
- Sale prices for products
- User names, IP addresses, and workstation IDs associated with RFIDs

28
After a lookup is configured, you can use the lookup fields in searches, True or
False?

True!!

29
True or False: The lookup fields also appear in the Fields sidebar

True!

30
True or False: Lookup field values are case sensitive by default?

True!

31
What happens when an OUTPUT is not specified?

All the fields from the lookup table except the match fields

32
What happens when the OUTPUT is specified?

The fields overwrite existing fields

33
If a field in the lookup table represents a timestamp, you can create a what?

Time-Based Lookup

Page 199 Mod 12

34
Why would you want to use Scheduled Reports?

- Monthly, weekly, daily executive/managerial roll up reports

- Dashboard performance
- Automatically sending reports via email

Page 201 Mod 13

35
How do you create a Scheduled Report?

1. Create your search

2. From the Save As menu, select Report
3. Enter Title
4. Enter Description
5. Set Time Range Picker to No
6. Click Save

Page 202-204 Mod 13

36
When creating a Scheduled report you can select a time range from?

Presets
Relative
Advanced

Page 207 Mod 13

37
This setting determines a time frame to run the report.

Schedule Window

Page 207 Mod 13

38
Creates an indexed, searchable log event.

Log Event

Page 208 Mod 13

39
Selecting Output results to lookup.

Sends results of search to CSV lookup file.

Page 208 Mod 13

40
Selecting Output results to telemetry endpoint

Sends usage metrics back to Splunk (if your company has opted-in to program)

Page 208 Mod 13

41
Run a Script

Runs a previously created script

Page 208 Mod 13

42
Send email

Sends an email with results to specified recipients.

Page 208 Mod 13

43
Webhook

Sends an HTTP POST request to a specified URL.

Page 208 Mod 13

44
Managing Reports - Edit Permissions
With the GUI inside the Reports tab under Edit then Edit Permissions.

Run as: User

Will make what happen to the report?

Only data allowed to be accessed by the user role appears.

Page 211 Mod 13

45
Managing Reports - Edit Permissions
With the GUI inside the Reports tab under Edit then Edit Permissions.

Run as: Owner

Will make what happen to that report?

All data accessible by the owner appears in the report.

Page 211 Mod 13

46
To access the report results from a webpage.

Click edit > embed

Before a report can be embedded, it must be scheduled

Page 212 Mod 13

47
What are Alerts??

Splunk alerts are based on searches that can run either:

- on a regular scheduled interval
- in real-time

Alerts are triggered when the results of the search meet a specific condition that
you define

Based on your needs, alerts can:

- Create an entry in triggered alerts
- log an event
- output results to a lookup file
- send emails
- use a webhook
- perform a custom action

Page 213 Mod 13

48
How to create an Alert in the GUI?

1. Run a search
2. Select Save As > Alert
3. Give the alert a Title and Description
Page 214 Mod 13

49
Setting alert permissions

Only you can access, edit, and view triggered alerts.

Private Permissions

Page 215 Mod 13

50
Setting alert permissions

- All users of the app can view triggered alerts

- By default, everyone has read access and power has write access to the alert.

Shared in App

Page 215 Mod 13

51
What type of alert?

- Search runs at a defined interval

- Evaluates trigger condition when the search completes

Scheduled Alerts

Page 216 Mod 13

52
What kind of search?

- Search runs constantly in the background

- Evaluates trigger conditions within a window of time based on the conditions you
define

Real-Time

Page 216 Mod 13

53
You can set alerts to trigger in five ways

- Per-Result - triggers when a result is returned

- Number of Results - define how many results are returned before the alert
triggers
- Number of Hosts - define how many unique hosts are returned before the alert
triggers
- Number of Sources - define how many unique sources are returned before the alert
triggers
- Custom - define custom conditions using the search language

Page 219 Mod 13

54
Alert Actions - Trigger Conditions
Executes actions one time for all matching events within the scheduled time and
conditions

Once Trigger

Page 221 Mod 13

55
Alert Actions - Trigger Conditions

*NOTE: Executes the alert actions once for each result that matches the conditions.

For each result

Page 222 Mod 13

56
All actions that are available for scheduled reports and also available for alerts:

- Log Event
- Output results to lookup
- Output results to telemetry endpoint
- Run a script
- Send email
- Webhook

Page 223 Mod 13

57
Alert Actions - Add to Triggered Alerts

The severity for an alert:

- Info
- Low
- Medium
- High
- Critical

Page 224 Mod 13

58
Alert Actions - Log Event

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?

Enter the information that will be written to the new log event.

Event!

Page 225 Mod 13

59
Alert Actions - Log Event

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?
_____ of the new log event (by default, the alert name)

Source!

Page 225 Mod 13

60
Alert Actions - Log Event

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?

____ to which the new log event will be written

Sourcetype!

Page 225 Mod 13

61
Alert Actions - Log Event

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?

____ value of the new log event (by default, IP address of the host of the alert)

Host!

Page 225 Mod 13

62
Alert Actions - Log Event

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?

Destination ____ for the new log event (default value is main)

Index!

Page 225 Mod 13

63
Alert Actions - Send Email

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?

____ select the format of the alert.

Include!

Page 227 Mod 13

64
Alert Actions - Send Email

When saving as a report, under Triggered Alerts and + Add Actions. You can add a
Log Event action Which Log Event action matches the description below?
____ select the format of the text message.

Type!

Page 227 Mod 13

65
What does Splunk do?

Aggregate, analyze, and get answers from your machine data

Page 5 Mod 1

66
What data can be pulled into Splunk?

Index ANY data from ANY source

- Computers
- Network devices
- Virtual machines
- Internet devices
- Communication devices
- Sensors
- Databases
- Logs
- Configurations
- Messages
- Call detail records
- Clickstream
- Alerts
- Metrics
- Scripts
- Changes
- Tickets

Page 6 Mod 1

67
Types of Splunk Deployment?

Splunk Enterprise - splunk components installed and administered on-premises

Splunk Cloud
- Splunk Enterprise as a scalable service
- No infrastructure required

Splunk Light
- Solution for small IT environments

Page 8 Mod 1

68
What three things define what Splunk Apps are?

- Designed to address a wide variety of use cases and to extend the power of Splunk

- Collections of files containing data inputs, UI elements, and/or knowledge

objects
- Allows multiple workspaces for different use cases/user roles to co-exist on a
single Splunk instance

Page 9 Mod 1

69
What are Splunk Enhanced Solutions?

- Splunk IT Service Intelligence (ITSI)

- Splunk Enterprise Security (ES)

- Splunk User Behavior Analytics (UBA)

Page 10 Mod 1

70
Out of the box, there are 3 main roles:

Admin
Power
User

Page 11 Mod 1

71
What is the Search & Reporting App used for?

- Provides a default interface for searching and analyzing data

- Enables you to create knowledge objects, reports, and dashboards

Page 14 Mod 1

72
Data Summary Tabs

Unique identifier of where the events originated (host name, IP address, etc.)

Host!

73
Data Summary Tabs

Name of the file, stream, or other input.

Source!

74
Data Summary Tabs

Specific data type or data format

Sourcetype!

75
Splunk is comprised of ___ components. What are they and how many?

3 main components
Indexer
Search Head
Forwarder

Page 23 Mod 2

76
What are three things the Indexer does?

- Processes machine data, storing the results in indexes as events, enabling fast
search and analysis

- As the Indexer indexes data, it creates a number of files organized in sets of

directories by age

- Contains raw data (compressed) and indexes (points to the raw data)

Page 24 Mod 2

77
What are four things the Search Heads do?

- Allows users to use the Search language to search the indexed data

- Distributes user search requests to the Indexers

- Consolidates the results and extracts field value pairs from the events to the
user

-Knowledge Objects on the Search Heads can be created to extract additional fields
and transform the data without changing the underlying index data

Page 25 Mod 2

78
What are four things Forwarders do?

- Splunk Enterprise instances that consume and send data the index

- Require minimal resources and have little impact on performance

- Typically reside on the machines where the data originates

- Primary way data is supplied for indexing

Page 27 Mod 2

79
What are the 3 less-common components of Splunk?

Upgrade To Pro
Deployment Server
Cluster Master
License Master

Page 28 Mod 2

80
Splunk Deployment - Standalone or Single Server
Upgrade To Pro
- All functions in a single instance of Splunk

- For testing, proof of concept, personal use, and learning

- This is what you get when you download Splunk and install with default settings

Page 29 Mod 2

81
Splunk Deployment - Basic or Splunk Server

Upgrade To Pro
Has a Splunk server:
- Similar to server in standalone configuration

- Manage deployment of forwarder configurations

Adds forwarders which:

- Collect data and send it to Splunk servers

- Install forwarders at data source (Usually production servers)

Page 30 Mod 2

82
Splunk Deployment - Basic

What are three rules and limits in Basic Deployment for organizations:

Upgrade To Pro
- Indexing less than 20GB per day
- With under 20 users
- Small amount of forwarders

Page 30 Mod 2

84
A Splunk Deployment - Multi-Instance

Upgrade To Pro
- Increases indexing and searching capacity

- Search management and index functions are split across multiple machines

-Search Head - for Searching

-Indexers - Indexing and Parsing
-Forwarders - Provide Input

Page 31 Mod 2

85
What are three rules and limits in Multi - Instance deployment for organizations:

Upgrade To Pro
- Indexing up to 100GB per day
- Supports 100 users
- Supports several hundred forwarders

Page 31 Mod 2

86
Splunk Deployment - Increasing Capacity/Search Head Cluster

Upgrade To Pro
Adding a Search Head Cluster:
- Services more users for increased search capacity
- Allows users and searches to share resources
- Coordinate activities to handle search requests and distribute the requests
across the set of indexers

Require a minimum of three search heads

Use a deployer to manage and distribute apps to the members of the search head
cluster.

Page 32 Mod 2

87
What is the minimum number of Search Heads required to make a cluster?

Upgrade To Pro
3 Search Heads

Page 32 Mod 2

88
What is used to manage and distribute apps to the members of the Search Head
Cluster?

Upgrade To Pro
A Deployer!

Page 32 Mod 2

89
Splunk Deployment - What is an Index Cluster used for?

Upgrade To Pro
Traditional Index Clusters:
- Configured to replicate data
- Prevent data loss
- Promote availability
- Manage multiple indexers

Page 33 Mod 2

90
Two things to know about non-replicating Index Clusters:

Upgrade To Pro
- Offer simplified management
- Do not provide availability or data recovery

Page 33 Mod 2
91
What are the Splunk components installed from the Splunk Enterprise package?

Upgrade To Pro
Indexer (Search Peer)
Search Head
Deployment Server
License Master
Heavy Forwarder
Cluster Master
Search Head Cluster

Page 35 Mod 2

92
splunk help

Upgrade To Pro
Display a usage summary

Page 38 Mod 3

93
splunk [start | stop | restart]

Upgrade To Pro
Manage the Splunk processes

Page 38 Mod 3

94
splunk start --accept-license

Upgrade To Pro
Automatically accept the license without prompt

Page 38 Mod 3

95
splunk status

Upgrade To Pro
Display the Splunk process status

Page 38 Mod 3

96
splunk show splunkd-port

Upgrade To Pro
Show the port that the splunkd listens on

Page 38 Mod 3

97
splunk show web-port

Upgrade To Pro
Show the port that Splunk Web listens on
Page 38 Mod 3

98
splunk show servername

Upgrade To Pro
Show the servername of this instance

Page 38 Mod 3

99
splunk show default-hostname

Upgrade To Pro
Show the default host name used for all data inputs

Page 38 Mod 3

100
splunk enable boot-start-user

Upgrade To Pro
Initialize script to run Splunk Enterprise at system startup

Page 38 Mod 3

101
splunk enable boot-start-user

Upgrade To Pro
Initialize script to run Splunk Enterprise at system startup

Page 38 Mod 3

102
Splunk Index Time Process

Input Phase:

Upgrade To Pro
Handled at the source (usually a forwarder)
- The data sources are being opened and read
- Data is handled as streams and any configuration settings are applied to the
entire stream

Page 40 Mod 4

103
Splunk Index Time Process

Parsing Phase:

Upgrade To Pro
Handled by indexers (or heavy forwarders)
- Data is broken up into events and advanced processing can be performed

Page 40 Mod 4
104
Splunk Index Time Process

Indexing Phase:

Upgrade To Pro
- License meter runs as data and is initially written to disk, prior to compression

- After data is written to disk, it cannot be changed

Page 40 Mod 4

105
What are the data input types that Splunk supports?

Upgrade To Pro
Files and directiories
Network data
Script output
Windows logs
HTTP

You can add data inputs with:

Apps and add-ons from Splunkbase
Splunk Web
CLI
Directly editing inputs.conf

Page 41 Mod 4

106
What are the default Metadata settings for Splunk?

Upgrade To Pro
Source
Host
Sourcetype
Index

Page 42 Mod 4

107
What are the Add Data options depending on the source being used?

Upgrade To Pro
Upload Option - allows uploading local files that only get indexed once. Useful for
testing or data that is created once and never gets updated. Does not create
inputs.conf

Monitor Option - provides one-time or continuous monitoring of files, directories,

http events, network ports, or data gathering scripts located on Splunk Enterprise
instances. Useful for testing inputs.

Forward Option - main source of input in production environments. Remote machines

gather and forward data to indexers over a receiving port.

Page 44 Mod 4

108
*NOTE: Splunk parses data into individual events, extracts time, and assigns
metadata each event has a/an:

Upgrade To Pro
timestamp
host
source
sourcetype
index

Page 59 Mod 5

109
What layout options do you have to view your search results in?

Upgrade To Pro
Raw
LIst
Table

110
What are Selected Fields?

Upgrade To Pro
A set of configurable fields displayed for each event

Page 79 Mod 6

111
What are Interesting Fields?

Upgrade To Pro
They occur in at least 20% of resulting events.

Page 79 Mod 6

112
Fast Mode:

Upgrade To Pro
Emphasizes speed over completeness

Page 89 Mod 6

113
Smart Mode:

Upgrade To Pro
Balances speed and completeness (default)

Page 89 Mod 6

114
Verbose Mode:

Upgrade To Pro
- Emphasizes completeness over speed
- Allows access to underlying events when using reporting or statistical commands
(in addition to totals and stats)
Page 89 Mod 6

115
What are the syntax components of Splunk's Search Language?

Upgrade To Pro
Search for this
PIPE
Command
Function
Argument
Clause

Page 97 Mod 8

116
What are the 5 basic components that make up the Splunk Search Language?

Upgrade To Pro
Search Terms
Commands
Functions
Arguments
Clauses

Page 98 Mod 8

117
Search Language Syntax Components

What are you looking for?

- Keywords, phrases, Booleans, etc

Upgrade To Pro
Search Terms

Page 98 Mod 8

118
Search Language Syntax Components

What do you want to do with the results?

Upgrade To Pro
Commands

Page 98 Mod 8

119
Search Language Syntax Components

How do you want to chart, compute, or evaluate the results?

Upgrade To Pro
Functions

Page 98 Mod 8
120
Search Language Syntax Components

Are there variables you want to apply to this function?

Upgrade To Pro
Arguments

Page 98 Mod 8

121
Search Language Syntax Components

How do you want to group or rename the fields in the results?

Upgrade To Pro
Clauses

Page 98 Mod 8

122
What are the colors of Splunk's search syntax?

Upgrade To Pro
Boolean Operators/Command Modifiers - ORANGE
Commands - BLUE
Command Arguments - GREEN
Functions - PURPLE

Page 101 Mod 8

123
What are the transforming commands?

Upgrade To Pro
chart
timechart
stats
top
rare
contingency
highlight

124
Machine data is always structured.

Upgrade To Pro
False!

125
Machine data makes up for more than ___% of the data accumulated by organizations.

Upgrade To Pro
90%

126
Machine data is only generated by web servers.

Upgrade To Pro
False!

127
Which function is not a part of a single instance deployment?

Upgrade To Pro
Clustering!

128
What are the three main processing components of Splunk?

Upgrade To Pro
Forwarders
Search Heads
Indexers

Page 23 Mod 2

129
Which of these is not a main component of Splunk?

Upgrade To Pro
Compress and archive

130
What are the three main default roles in Splunk Enterprise?

Upgrade To Pro
User
Power User
Admin

Page 11 Mod 1roles can

131
You can launch and manage apps from the home app.

Upgrade To Pro
True!

132
Which apps ship with Splunk Enterprise?

Upgrade To Pro
Search & Reporting
Home App

133
In most production environments, _______ will be used as the source of data input.

Upgrade To Pro
Forwarders

134
The monitor input option will allow you to continuously monitor files.

Upgrade To Pro
True!
135
Splunk uses ________ to categorize the type of data being indexed.

Upgrade To Pro
Sourcetype!

136
When zooming in on the event time line, a new search is run.

Upgrade To Pro
False!

137
How is the asterisk used in Splunk search?

Upgrade To Pro
A wildcard

138
These are booleans in the Splunk Search Language.

Upgrade To Pro
NOT
OR
AND

139
What attributes describe the circled field below?
a dest 4

Upgrade To Pro
It contains string values
It contains 4 values

140
Field names are ________.

Upgrade To Pro
Case sensitive

141
Which is not a comparison operator in Splunk?

Upgrade To Pro
?=

142
As a general practice, exclusion is better than inclusion in a Splunk search.

Upgrade To Pro
False!

143
What is the most efficient way to filter events in Splunk?

Upgrade To Pro
By time!

144
Time to search can only be set by the time range picker.

Upgrade To Pro
False!

145
Excluding fields using the Fields Command will benefit performance.

Upgrade To Pro
False!

146
Finish the rename command to change the name of the status field to HTTP Status.
sourcetype=a* status=404 | rename _____

Upgrade To Pro
status as "HTTP Status"

147
Would the ip column be removed in the results of this search? Why or why not?

sourcetype=a* | rename ip as "User" | fields - ip

Upgrade To Pro
NO, because the name was changed

148
How many results are shown by default when using a Top or Rare Command?

Upgrade To Pro
10

149
Which one of these is not a stats function?

Upgrade To Pro
Addtotals

150
Which stats function would you use to find the average value of a field?

Upgrade To Pro
avg

151
The User role can not create reports.

Upgrade To Pro
False!

152
A time range picker can be included in a report.

Upgrade To Pro
True!

153
These roles can create reports:
Upgrade To Pro
User
Power
Admin

154
Data models are made up of ___________.

Upgrade To Pro
Datasets

155
Adding child data model objects is like the ______ Boolean in the Splunk search
language.

Upgrade To Pro
AND

156
Pivots cannot be saved as reports panels.

Upgrade To Pro
False!

157
To keep from overwriting existing fields with your Lookup you can use the
____________ clause.

Upgrade To Pro
OUTPUTNEW

158
External data used by a Lookup can come from sources like:

Upgrade To Pro
Scripts
CSV
Geospatial data

159
When using a .csv file for Lookups, the first row in the file represents this.

Upgrade To Pro
Field names

160
Once an alert is created, you can no longer edit its defining search.

Upgrade To Pro
False!

161
Alerts can be shared to all apps.

Upgrade To Pro
True!

162
Alerts can run uploaded scripts.
Upgrade To Pro
True!

163
Search strings are sent from the _________.

Upgrade To Pro
Search Head!

164
In most Splunk deployments, ________ serve as the primary way data is supplied for
indexing.

Upgrade To Pro
Forwarders!

165
Splunk knows where to break the event, where the time stamp is located and how to
automatically create field value pairs using these.

Upgrade To Pro
Sourcetypes!

166
When a search is sent to splunk, it becomes a _____.

Upgrade To Pro
Search Job!

167
Field values are case sensitive.

Upgrade To Pro
False!

168
Having separate indexes allows:

Upgrade To Pro
Faster Searches
Multiple retention policies
Ability to limit access

169
What command would you use to remove the status field from the returned events?

Upgrade To Pro
fields -

170
Which clause would you use to rename the count field?

Upgrade To Pro
as

171
Charts can be based on numbers, time, or location.
Upgrade To Pro
True!

172
In a dashboard, a time range picker will only work on panels that include a(n)
__________ search.

Upgrade To Pro
Inline

173
In a dashboard, a time range picker will only work on panels that include a(n)
__________ search.

Upgrade To Pro
Inline

174
Which role(s) can create data models?

Upgrade To Pro
Power
Admin

175
The instant pivot button is displayed in the statistics and visualization tabs when
a _______ search is run.

Upgrade To Pro
Non-transforming

176
A lookup is categorized as a dataset.

Upgrade To Pro
True!

177
Finish this search command so that it displays data from the http_status.csv Lookup
file.
| ______ http_status.csv

Upgrade To Pro
inputlookup

178
Real-time alerts will run the search continuously in the background.

Upgrade To Pro
True

179
What is the order of evaluation for Boolean operations in Splunk?

Upgrade To Pro
NOT
OR
AND
180
Commands that create statistics and visualizations are called _______________
commands.

Upgrade To Pro
transforming

181
Shared search jobs remain active for _______ by default.

Upgrade To Pro
7 days

182
Wildcards cannot be used with field searches.

Upgrade To Pro
False

183
This symbol is used in the "Advanced" section of the time range picker to round
down to nearest unit of specified time.

Upgrade To Pro
@

184
What is missing from this search?
sourcetype=a* | rename ip as "User IP" | table User IP

Upgrade To Pro
Quotation marks around User IP

185
_____________ are reports gathered together into a single pane of glass.

Upgrade To Pro
Dashboards

186
An alert is an action triggered by a _____________.

Upgrade To Pro
Saved Search

187
Search requests are processed by the ___________.

Upgrade To Pro
Indexers

188
This role will only see their own knowledge objects and those that have been shared
with them.

Upgrade To Pro
User

189
Files indexed using the the upload input option get indexed _____.

Upgrade To Pro
Once

190
Events are always returned in chronological order.

Upgrade To Pro
False

191
Events are always returned in chronological order.

Upgrade To Pro
False

192
A search job will remain active for ___ minutes after it is run.

Upgrade To Pro
10 mins

193
Excluding fields using the Fields Command will benefit performance.

Upgrade To Pro
False

194
The time stamp you see in the events is based on the time zone in your user
account.

Upgrade To Pro
True

195
If a search returns this, you can view the results as a chart.

Upgrade To Pro
Statistical values