Besides creating notable events, what are the default alert actions a correlation search can execute? (Choose all that apply.)
Correct Answer: B,C,D
Throttling applies to any correlation search alert type, including notable events and actions (RSS feed, email, run script, and ticketing). Reference: B, C, and D are correct answers because they are the default alert actions that a correlation search can execute besides creating notable events. You can configure a correlation search to send an email, include the results in an RSS feed, or run a custom script when the search matches a defined pattern. Ping a host is not a default alert action for correlation searches. Reference: Configure correlation search settings in ITSI
SPLK-3002 Exam Question 22
Which capabilities are enabled through "teams"?
Correct Answer: D
D is the correct answer because teams allow you to restrict access to service content in UI views such as service analyzers, glass tables, deep dives, and episode review. Teams also control access to services and KPIs for editing and viewing purposes. Teams do not affect the ability to search against the itsi_summary index, restrict notable event alert actions, or restrict searches against the itsi_notable_audit index. Reference: Overview of teams in ITSI
SPLK-3002 Exam Question 23
Which of the following best describes an ITSI Glass Table?
Correct Answer: A
An ITSI Glass Table provides a customizable, high-level view that can display a system's topology overlaid with real-time Key Performance Indicator (KPI) metrics and service health scores. This visualization tool allows users to create a visual representation of their IT infrastructure, applications, and services, integrating live data to monitor the health and performance of each component in context. The ability to overlay KPI metrics on the system topology enables IT and business stakeholders to quickly understand the operational status and health of various elements within their environment, facilitating more informed decision-making and rapid response to issues.
SPLK-3002 Exam Question 24
Which of the following describes entities? (Choose all that apply.)
Correct Answer: A
SPLK-3002 Exam Question 25
What are valid considerations when designing an ITSI Service? (Choose all that apply.)
Correct Answer: A,B,C
Reference: A, B, and C are correct answers because service access control requirements for ITSI Team Access should be considered before creating the ITSI Service, as different teams may have different permissions and views of the service data. Entities, entity meta-data, and entity rules should also be planned carefully to support the service design and configuration, as they determine how ITSI maps data sources to services and KPIs. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index for faster retrieval and analysis. Reference: ITSI service design best practices, Overview of ITSI indexes
