Free Splunk SPLK-3002 Exam Actual Questions

The questions for SPLK-3002 were last updated On Nov 3, 2024

Question No. 1

Which of the following is a recommended best practice for ITSI installation?

Show Answer Hide Answer
Correct Answer: A

One of the recommended best practices for Splunk IT Service Intelligence (ITSI) installation is to avoid installing ITSI on search heads that already have Splunk Enterprise Security (ES) installed. This recommendation stems from potential resource conflicts and performance issues that can arise when both resource-intensive applications are deployed on the same instance. Both ITSI and ES are complex applications that require significant system resources to function effectively, and running them concurrently on the same search head can lead to degraded performance, conflicts in resource allocation, and potential stability issues. It's generally advised to segregate these applications onto separate Splunk instances to ensure optimal performance and stability for both platforms.


Question No. 2

When a KPI's aggregate value is calculated, which function is called?

Show Answer Hide Answer
Correct Answer: B

In Splunk IT Service Intelligence (ITSI), when a Key Performance Indicator (KPI) aggregate value is calculated, the tstats function is often called. The tstats function in Splunk is used for rapid statistical queries over large volumes of data, which is particularly useful in ITSI for efficiently calculating aggregate values of KPIs across potentially vast datasets. This function allows for quick aggregation and summarization of indexed data, which is essential for monitoring and analyzing the performance metrics that KPIs represent in ITSI. Unlike the stats command, which operates on already retrieved events, tstats works directly on indexed data, providing faster performance especially when dealing with high volumes of data typical in an IT environment. The tstats command is therefore fundamental in the backend processing of ITSI for calculating aggregate values of KPIs, enabling real-time and historical analysis of service health and performance.


Question No. 5

What are valid ITSI Glass Table editor capabilities? (Choose all that apply.)

Show Answer Hide Answer
Correct Answer: A, C, D

Create a glass table to visualize and monitor the interrelationships and dependencies across your IT and business services.

The service swapping settings are saved and apply the next time you open the glass table.

You can add metrics like KPIs, ad hoc searches, and service health scores that update in real time against a background that you design. Glass tables show real-time data generated by KPIs and services.


The glass table editor is a tool that allows you to create and edit glass tables in ITSI. Some of the capabilities of the glass table editor are:

Creating glass tables from scratch or from existing templates.

Configuring service swapping on widgets to toggle displaying metrics from different services.

Adding KPI metric lanes to glass tables to show historical trends of KPI values.

The glass table editor does not support correlation search creation, which is a separate feature in ITSI that allows you to create searches that look for relationships between data points and generate notable events. Reference:Overview of the glass table editor in ITSI, [Configure service swapping on glass tables], [Add KPI metric lanes to glass tables], [Overview of correlation searches in ITSI]