Which of the following are supported rollup functions in Splunk Observability Cloud?
Correct Answer: A
According to the Splunk O11y Cloud Certified Metrics User Track document [1], Observability Cloud has the following rollup functions:
- Sum (default for counter metrics): Returns the sum of all data points in the MTS reporting interval.
- Average (default for gauge metrics): Returns the average value of all data points in the MTS reporting interval.
- Min: Returns the minimum data point value seen in the MTS reporting interval.
- Max: Returns the maximum data point value seen in the MTS reporting interval.
- Latest: Returns the most recent data point value seen in the MTS reporting interval.
- Lag: Returns the difference between the most recent and the previous data point values seen in the MTS reporting interval.
- Rate: Returns the rate of change of data points in the MTS reporting interval.
Therefore, option A is correct.
SPLK-4001 Exam Question 2
What constitutes a single metrics time series (MTS)?
Correct Answer: B
The correct answer is B: a set of data points that all have the same metric name and list of dimensions. A metric time series (MTS) is a collection of data points that have the same metric and the same set of dimensions. For example, the following sets of data points are in three separate MTS:
- MTS1: Gauge metric cpu.utilization, dimension "hostname": "host1"
- MTS2: Gauge metric cpu.utilization, dimension "hostname": "host2"
- MTS3: Gauge metric memory.usage, dimension "hostname": "host1"
A metric is a numerical measurement that varies over time, such as CPU utilization or memory usage. A dimension is a key-value pair that provides additional information about the metric, such as the hostname or the location. A data point is a combination of a metric, a dimension, a value, and a timestamp [1].
SPLK-4001 Exam Question 3
What Pod conditions does the Analyzer panel in Kubernetes Navigator monitor? (select all that apply)
Correct Answer: A,B,C,D
The Pod conditions that the Analyzer panel in Kubernetes Navigator monitors are:
- Not Scheduled: This condition indicates that the Pod has not been assigned to a Node yet. This could be due to insufficient resources, node affinity, or other scheduling constraints [1].
- Unknown: This condition indicates that the Pod status could not be obtained or is not known by the system. This could be due to communication errors, node failures, or other unexpected situations [1].
- Failed: This condition indicates that the Pod has terminated in a failure state. This could be due to errors in the application code, container configuration, or external factors [1].
- Pending: This condition indicates that the Pod has been accepted by the system, but one or more of its containers has not been created or started yet. This could be due to image pulling, volume mounting, or network issues [1].
Therefore, the correct answer is A, B, C, and D. To learn more about how to use the Analyzer panel in Kubernetes Navigator, you can refer to this documentation [2].
[1]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
[2]: https://docs.splunk.com/observability/infrastructure/monitor/k8s-nav.html#Analyzer-panel
SPLK-4001 Exam Question 4
One server in a customer's data center is regularly restarting due to power supply issues. What type of dashboard could be used to view charts and create detectors for this server?
Correct Answer: A
According to the Splunk O11y Cloud Certified Metrics User Track document [1], a single-instance dashboard is a type of dashboard that displays charts and information for a single instance of a service or host. You can use a single-instance dashboard to monitor the performance and health of a specific server, such as the one that is restarting due to power supply issues. You can also create detectors for the metrics that are relevant to the server, such as CPU usage, memory usage, disk usage, and uptime. Therefore, option A is correct.
SPLK-4001 Exam Question 5
What information is needed to create a detector?
Correct Answer: D
According to the Splunk Observability Cloud documentation [1], to create a detector, you need the following information:
- Alert Signal: This is the metric or dimension that you want to monitor and alert on. You can select a signal from a chart or a dashboard, or enter a SignalFlow query to define the signal.
- Alert Condition: This is the criteria that determines when an alert is triggered or cleared. You can choose from various built-in alert conditions, such as static threshold, dynamic threshold, outlier, missing data, and so on. You can also specify the severity level and the trigger sensitivity for each alert condition.
- Alert Settings: This is the configuration that determines how the detector behaves and interacts with other detectors. You can set the detector name, description, resolution, run lag, max delay, and detector rules. You can also enable or disable the detector, and mute or unmute the alerts.
- Alert Message: This is the text that appears in the alert notification and event feed. You can customize the alert message with variables, such as signal name, value, condition, severity, and so on. You can also use markdown formatting to enhance the message appearance.
- Alert Recipients: This is the list of destinations where you want to send the alert notifications. You can choose from various channels, such as email, Slack, PagerDuty, webhook, and so on. You can also specify the notification frequency and suppression settings.