Splunk SPLK-3002 Exam (page: 1)
Splunk IT Service Intelligence Certified Admin
Updated on: 07-Feb-2026

Viewing Page 1 of 12

After a notable event has been closed, how long will the metadata for that event remain in the KV Store by default?

  1. 6 months.
  2. 9 months.
  3. 1 year.
  4. 3 months.

Answer(s): A

Explanation:

By default, notable event metadata is archived after six months to keep the KV store from growing too large.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections



Which of the following is a best practice for identifying the most effective services with which to start an iterative ITSI deployment?

  1. Only include KPIs if they will be used in multiple services.
  2. Analyze the business to determine the most critical services.
  3. Focus on low-level services.
  4. Define a large number of key services early.

Answer(s): A


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA



When creating a custom deep dive, what color are services/KPIs in maintenance mode within the topology view?

  1. Gray
  2. Purple
  3. Gear Icon
  4. Blue

Answer(s): A

Explanation:

Services, entities, and KPIs that are fully or partially impacted by a maintenance window appear in a dark gray color on pages that display health scores, including service analyzers, service and entity details pages, glass tables, multi-KPI alerts, and deep dives.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/Configure/AboutMW



Which deep dive swim lane type does not require writing SPL?

  1. Event lane.
  2. Automatic lane.
  3. Metric lane.
  4. KPI lane.

Answer(s): B

Explanation:

Among all the search configurations, the automatic lane is the one that does not require writing a search in Search Processing Language (SPL).



Which of the following items apply to anomaly detection? (Choose all that apply.)

  1. Use AD on KPIs that have an unestablished baseline of data points. This allows the ML pattern to perform its magic.
  2. A minimum of 24 hours of data is needed for anomaly detection, and a minimum of 4 entities for cohesive analysis.
  3. Anomaly detection automatically generates notable events when KPI data diverges from the pattern.
  4. There are 3 types of anomaly detection supported in ITSI: adhoc, trending, and cohesive.

Answer(s): B,C

Explanation:

The KPI must be split by entity, and a minimum of four entities is required.
The minimum amount of data required is 24 hours.
If the KPI diverges from the normal pattern, ITSI creates a notable event in Episode Review.


Reference:

https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/AD





