When deploying ITSI on a distributed Splunk installation, which component must be installed on the search head(s)?
A. SA-ITOA
B. ITSI app
C. All ITSI components
D. SA-ITSI-Licensechecker
Which of the following describes entities? (Choose all that apply.)
A. Entities must be IT devices, such as routers and switches, and must be identified by either IP value, host name, or MAC address.
B. An abstract (pseudo/logical) entity can be used to split by for a KPI, although no entity rules or filtering can be used to limit data to a specific service.
C. Multiple entities can share the same alias value, but must have different role values.
D. To automatically restrict the KPI to only the entities in a particular service, select “Filter to Entities in Service”.
What effect does a KPI importance weight of 11 have on the overall health score of a service?
A. At least 10% of the KPIs will go critical.
B. Importance weight is unused for health scoring.
C. The service will go critical.
D. It is a minimum health indicator KPI.
Which of the following is an advantage of using adaptive time thresholds?
A. Automatically update thresholds daily to manage dynamic changes to KPI values.
B. Automatically adjust KPI calculation to manage dynamic event data.
C. Automatically adjust aggregation policy grouping to manage escalating severity.
D. Automatically adjust correlation search thresholds to adjust sensitivity over time.
Which capabilities are enabled through “teams”?
A. Teams allow searches against the itsi_summary index.
B. Teams restrict notable event alert actions.
C. Teams restrict searches against the itsi_notable_audit index.
D. Teams allow restrictions to service content in UI views.
In maintenance mode, which features of KPIs still function?
A. KPI searches will execute but will be buffered until the maintenance window is over.
B. KPI searches still run during maintenance mode, but results go to itsi_maintenance_summary index.
C. New KPIs can be created, but existing KPIs are locked.
D. KPI calculations and threshold settings can be modified.
Which index contains ITSI Episodes?
A. itsi_tracked_alerts
B. itsi_grouped_alerts
C. itsi_notable_archive
D. itsi_summary
Which of the following describes enabling smart mode for an aggregation policy?
A. Configure -> Policies -> Smart Mode -> Enable, select “fields”, click “Save”
B. Enable grouping in Notable Event Review, select “Smart Mode”, select “fields”, and click “Save”
C. Edit the aggregation policy, enable smart mode, select fields to analyze, click “Save”
D. Edit the notable event view, enable smart mode, select “fields”, and click “Save”
Which of the following is a good use case regarding defining entities for a service?
A. Automatically associate entities to services using multiple entity aliases.
B. All of the entities have the same identifying field name.
C. Being able to split a CPU usage KPI by host name.
D. KPI total values are aggregated from multiple different category values in the source events.
When installing ITSI to support a Distributed Search Architecture, which of the following items apply? (Choose all that apply.)
A. Copy SA-IndexCreation to all indexers.
B. Copy SA-IndexCreation to the etc/apps directory on the index cluster master node.
C. Extract installer package into etc/apps directory of the cluster deployer node.
D. Extract ITSI app package into etc/apps directory of search head.