All Cards
69 cards total
SPLUNK-CORE
Alerts
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What are the two types of alert scheduling in Splunk? claude
What is a throttle in the context of Splunk alerts? claude
What permission level is required to create a scheduled alert in Splunk? claude
What is the difference between "Per-Result" and "Number of Results" alert trigger conditions? claude
What alert action in Splunk adds triggered alert information to a shared, reviewable list... claude
What is the purpose of the "Expires" setting on a Splunk alert? claude
What trigger condition should be used to fire an alert when the number of results in a time... claude
What Splunk alert action can be used to automatically create a ticket or send a notification to... claude
Where in Splunk can you view all alerts that have fired within the configured expiration window? claude
What is the significance of alert severity levels in Splunk? claude
Basic Searching
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What is the default time range used when performing a search in Splunk if no time range is specified? claude
What does the `index` keyword do in a Splunk search? claude
What is the difference between the `AND`, `OR`, and `NOT` Boolean operators in Splunk searches? claude
What are the three main components of the Splunk Search Processing Language (SPL) pipeline? claude
What does the wildcard character `*` do in a Splunk search string? claude
What is the purpose of field-value pair searching in Splunk? claude
What is the role of the `sourcetype` field in a Splunk search? claude
What does the `stats count` command do in a Splunk search? claude
What is the difference between a "transforming command" and a "streaming command" in Splunk? claude
How does Splunk's search use "keywords" to find events, and where does it look? claude
Reports and Dashboards
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What is the difference between a Report and a Dashboard in Splunk? claude
What acceleration option is available for Reports in Splunk? claude
How can a Report be shared with other Splunk users? claude
What are the three time range options when scheduling a Report in Splunk? claude
What is a Dashboard Panel in Splunk? claude
What is the purpose of Dashboard Inputs (tokens) in Splunk? claude
What file format underlies a Classic Splunk Dashboard, and where is it stored? claude
What scheduling action can be triggered automatically when a scheduled Report runs in Splunk? claude
What is the difference between "Powered by Report" and "Inline Search" panels in a Splunk Dashboard? claude
What Splunk feature allows a Dashboard to automatically refresh its data at a set interval? claude
Search Language Fundamentals
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What is the default time range used when no time picker selection is made in a Splunk search? claude
What is the purpose of the `stats` command in SPL? claude
What is the difference between a transforming command and a non-transforming command in Splunk? claude
What does the `eval` command do in SPL? claude
What is the function of the pipe (`|`) character in a Splunk search? claude
What is the role of Boolean operators in a Splunk search, and what is their order of precedence? claude
What is the `table` command used for in SPL? claude
What is the difference between the `search` command and the `where` command in SPL? claude
What does a field extraction using the `rex` command accomplish in SPL? claude
What is the purpose of the `dedup` command in SPL? claude
Splunk Basics
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What is a Splunk index? claude
What are the three main processing components of the Splunk architecture? claude
What is the default field that Splunk automatically assigns to every indexed event? claude
What is a sourcetype in Splunk? claude
What is the role of a Universal Forwarder in Splunk? claude
What is the Splunk Search Processing Language (SPL)? claude
What are transforming commands in Splunk, and why are they important? claude
What is the difference between a scheduled report and an alert in Splunk? claude
What is the purpose of field extraction in Splunk? claude
What are the four types of Splunk knowledge objects? claude
Using Fields
9 cards  ·  9 basic · 0 cloze
Basic 9 cards
What does the `fields` command do in a Splunk search, and what are its two modes? claude
What is field extraction in Splunk and when does it occur? claude
What is the purpose of the `fields.conf` file in Splunk? claude
How does Splunk handle field names that differ only in case (e.g., "Status" vs. "status")? claude
What is the `rex` command used for in Splunk? claude
What does the `rename` command do in Splunk? claude
What is a multi-value field in Splunk and how can you create one? claude
What is the Fields sidebar in Splunk and what does it display? claude
What is the purpose of the `eval` command when used with fields in Splunk? claude
Working with Events
10 cards  ·  10 basic · 0 cloze
Basic 10 cards
What is an event in Splunk? claude
What does the `fields` command do when used with a minus sign (e.g., `fields - fieldname`)? claude
What is event segmentation in Splunk, and why does it matter? claude
What is the purpose of the `table` command in Splunk? claude
How does the `rename` command affect fields in Splunk search results? claude
What is the difference between a raw event and a field-value pair in Splunk? claude
What does the `dedup` command do in a Splunk search? claude
What is the role of the `sort` command in Splunk, and what is the default sort order? claude
What does `eval` do when used to create a new field in Splunk? claude
What is the significance of the selected time range when working with events in Splunk? claude