
Splunk IT Service Intelligence Certified Admin Exam Question and Answers

Splunk IT Service Intelligence Certified Admin Exam

Last Update May 3, 2024
Total Questions : 90

We are offering free SPLK-3002 Splunk exam questions. Sign up, give your details, and prepare with the free SPLK-3002 exam questions, then move on to the complete pool of Splunk IT Service Intelligence Certified Admin Exam test questions.

Questions 1

Which of the following is a characteristic of notable event groups?

Options:

A. Notable event groups combine independent notable events.

B. Notable event groups are created in the itsi_tracked_alerts index.

C. Notable event groups allow users to adjust threshold settings.

D. All of the above.

Questions 2

Which of the following are characteristics of service templates? (select all that apply)

Options:

A. Service templates can be modified after services are instantiated from it.

B. Service templates contain KPIs and KPI thresholds.

C. Service templates can contain specific or generic entity rules.

D. Service templates contain domain specific dashboards and deep dives.

Questions 3

Which capabilities are enabled through “teams”?

Options:

A. Teams allow searches against the itsi_summary index.

B. Teams restrict notable event alert actions.

C. Teams restrict searches against the itsi_notable_audit index.

D. Teams allow restrictions to service content in UI views.

Questions 4

In maintenance mode, which features of KPIs still function?

Options:

A. KPI searches will execute but will be buffered until the maintenance window is over.

B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.

C. New KPIs can be created, but existing KPIs are locked.

D. KPI calculations and threshold settings can be modified.

Questions 5

Where are KPI search results stored?

Options:

A. The default index.

B. KV Store.

C. Output to a CSV lookup.

D. The itsi_summary index.

Questions 6

Which of the following is a valid type of Multi-KPI Alert?

Options:

A. Score over composite.

B. Value over time.

C. Status over time.

D. Rise over run.

Questions 7

Which of the following items describe ITSI Backup and Restore functionality? (Choose all that apply.)

Options:

A. A pre-configured default ITSI backup job is provided that can be modified, but not deleted.

B. ITSI backup is inclusive of KV Store, ITSI Configurations, and index dependencies.

C. kvstore_to_json.py can be used in scripts or command line to back up ITSI for full or partial backups.

D. ITSI backups are stored as a collection of JSON formatted files.

Questions 8

Which of the following is part of setting up a new aggregation policy?

Options:

A. Filtering criteria

B. Policy version

C. Review order

D. Module rules

Questions 9

Which of the following applies when configuring time policies for KPI thresholds?

Options:

A. A person can only configure 24 policies, one for each hour of the day.

B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00

C. If a person expects a KPI to change significantly through a cycle on a daily basis, don’t use it.

D. It is possible for multiple time policies to overlap.

Questions 10

There are two departments using ITSI: Finance and Sales. Analysts in each department should not be allowed to see each other’s services. What are the role configuration steps required to accomplish this?

Options:

A. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

B. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_team_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

C. itoa_finance_admin, inherited from itoa_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_team_analyst.

D. itoa_finance_admin, inherited from itoa_team_admin; itoa_sales_admin, inherited from itoa_team_admin; itoa_finance_analyst, inherited from itoa_analyst; itoa_sales_analyst, inherited from itoa_analyst.

Questions 11

When working with a notable event group in the Notable Events Review dashboard, which of the following can be set at the individual or group level?

Options:

A. Service, status, owner.

B. Severity, status, owner.

C. Severity, comments, service.

D. Severity, status, service.

Questions 12

Which glass table feature can be used to toggle displaying KPI values from more than one service on a single widget?

Options:

A. Service templates.

B. Service dependencies.

C. Ad-hoc search.

D. Service swapping.

Questions 13

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

Options:

A. Service access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.

B. Entities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.

C. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.

D. Backfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

Questions 14

Which ITSI functions generate notable events? (Choose all that apply.)

Options:

A. KPI threshold breaches.

B. KPI anomaly detection.

C. Multi-KPI alert.

D. Correlation search.

Questions 15

Which of the following describes default deep dives?

Options:

A. Are manually generated and can be accessed via the Service Analyzer.

B. Include all KPIs of all services.

C. Are auto-generated and can be accessed via the Service Analyzer.

D. Include health scores of all services.

Questions 16

Within a correlation search, dynamic field values can be specified with what syntax?

Options:

A. fieldname

B.

C. %fieldname%

D. eval(fieldname)

Questions 17

Which of the following items describe ITSI teams? (select all that apply)

Options:

A. Teams should have itoa admin roles added with read-only permissions for services and entities.

B. Services should be assigned to the 'global' team if all users need access to it.

C. By default, all services are owned by the built-in 'global' team and administered by the 'itoa_admin' role.

D. A new team admin role should be created for each team. The new role should inherit the 'itoa_team_admin' role.

Questions 18

Which of the following are the default ports that must be configured on Splunk to use ITSI?

Options:

A. SplunkWeb (8405), SplunkD (8519), and HTTP Collector (8628)

B. SplunkWeb (8089), SplunkD (8088), and HTTP Collector (8000)

C. SplunkWeb (8000), SplunkD (8089), and HTTP Collector (8088)

D. SplunkWeb (8088), SplunkD (8089), and HTTP Collector (8000)

Questions 19

Which of the following is a problem requiring correction in ITSI?

Options:

A. Two or more entities with the same service ID.

B. Two or more entities with the same entity ID.

C. Two or more entities with the same value in a single alias field.

D. Two or more entities with the same entity key value in any info field.

Questions 20

Which of the following describes a way to delete multiple duplicate entities in ITSI?

Options:

A. Via a CSV upload.

B. Via the entity lister page.

C. Via a search using the | deleteentity command.

D. All of the above.

Questions 21

Which deep dive swim lane type does not require writing SPL?

Options:

A. Event lane.

B. Automatic lane.

C. Metric lane.

D. KPI lane.

Questions 22

Which of the following items apply to anomaly detection? (Choose all that apply.)

Options:

A. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.

B. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.

C. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.

D. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Questions 23

Anomaly detection can be enabled on which one of the following?

Options:

A. KPI

B. Multi-KPI alert

C. Entity

D. Service

Questions 24

Which of the following items describe ITSI Deep Dive capabilities? (Choose all that apply.)

Options:

A. Comparing a service’s notable events over a time period.

B. Visualizing one or more Service KPI values by time.

C. Examining and comparing alert levels for KPIs in a service over time.

D. Comparing swim lane values for a slice of time.

Questions 25

After ITSI is initially deployed for the operations department at a large company, another department would like to use ITSI but wants to keep their information private from the operations group. How can this be achieved?

Options:

A. Create service templates for each group and create the services from the templates.

B. Create teams for each department and assign KPIs to each team.

C. Create services for each group and set the permissions of the services to restrict them to each group.

D. Create teams for each department and assign services to the teams.

Questions 26

Which of the following is an advantage of using adaptive time thresholds?

Options:

A. Automatically update thresholds daily to manage dynamic changes to KPI values.

B. Automatically adjust KPI calculation to manage dynamic event data.

C. Automatically adjust aggregation policy grouping to manage escalating severity.

D. Automatically adjust correlation search thresholds to adjust sensitivity over time.

Questions 27

What is an episode?

Options:

A. A workflow task.

B. A deep dive.

C. A notable event group.

D. A notable event.
