Exam SPLK-3002 topic 1 question 41 discussion

Actual exam question from Splunk's SPLK-3002
Question #: 41
Topic #: 1

Which index contains ITSI Episodes?

  • A. itsi_tracked_alerts
  • B. itsi_grouped_alerts
  • C. itsi_notable_archive
  • D. itsi_summary
Suggested Answer: B

Comments

8b5c1e8
2 months ago
Selected Answer: B
is the correct answer because ITSI episodes are stored in the itsi_grouped_alerts index. This index contains notable events that have been grouped together based on predefined aggregation policies. Episodes help you reduce alert noise and focus on resolving incidents faster. Reference: [Overview of episodes in ITSI]
upvoted 1 times
...
Baba111222
1 year, 4 months ago
Selected Answer: B
"The itsi_grouped_alerts index is the index that contains live episode data. Each time a correlation search runs and updates an episode, itsi_grouped_alerts houses a new entry for the episode. It is this index you will search over to look for open episodes attached to your service." source: https://lantern.splunk.com/Observability/Product_Tips/IT_Service_Intelligence/Bringing_episode_data_into_service_scores
upvoted 3 times
...
otb_282
2 years, 2 months ago
B. itsi_grouped_alerts
upvoted 3 times
...