Which of the following applies when configuring time policies for KPI thresholds?
Correct Answer:
B
Time policies are user-defined threshold values to be used at different times of the day or week to account for changing KPI workloads. Time policies accommodate normal variations in usage across your services and improve the accuracy of KPI and service health scores. For example, if your organization's peak activity is during the standard work week, you might create a KPI threshold time policy that accounts for higher levels of usage during work hours, and lower levels of usage during off-hours and weekends. The statement that applies when configuring time policies for KPI thresholds is:
✑ B. They are great if you expect normal behavior at 1:00 to be different than normal behavior at 5:00. This is true because time policies allow you to define different threshold values for different time blocks, such as AM/PM, work hours/off hours, weekdays/weekends, and so on. This way, you can account for the expected variations in your KPI data based on the time of day or week.
The other statements do not apply because:
✑ A. A person can only configure 24 policies, one for each hour of the day. This is not true because you can configure more than 24 policies using different time block combinations, such as 3 hour block, 2 hour block, 1 hour block, and so on.
✑ C. If a person expects a KPI to change significantly through a cycle on a daily basis, don't use it. This is not true because time policies are designed to handle KPIs that change significantly through a cycle on a daily basis, such as web traffic volume or CPU load percent.
✑ D. It is possible for multiple time policies to overlap. This is not true because you can only have one active time policy at any given time. When you create a new time policy, the previous time policy is overwritten and cannot be recovered.
References: Create time-based static KPI thresholds in ITSI
Which capabilities are enabled through "teams"?
Correct Answer:
D
D is the correct answer because teams allow you to restrict access to service content in UI views such as service analyzers, glass tables, deep dives, and episode review. Teams also control access to services and KPIs for editing and viewing purposes. Teams do not affect the ability to search against the itsi_summary index, restrict notable event alert actions, or restrict searches against the itsi_notable_audit index. References: Overview of teams in ITSI
Which of the following are the default ports that must be configured on Splunk to use ITSI?
Correct Answer:
C
Reference: https://splunk.github.io/docker-splunk/ARCHITECTURE.html
C is the correct answer because ITSI uses the default ports of Splunk Enterprise for its communication and data collection. SplunkWeb uses port 8000, SplunkD uses port 8089, and HTTP Event Collector uses port 8088. These ports can be changed if needed, but they must match the configuration of Splunk Enterprise. References: Ports used by ITSI
Which of the following is a recommended best practice for service and glass table design?
Correct Answer:
A
Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/GTOverview
A is the correct answer because it is recommended to plan and implement services first, then build detailed glass tables that reflect the service hierarchy and dependencies. This way, you can ensure that your glass tables provide accurate and meaningful service-level insights. Building glass tables first might lead to unnecessary or irrelevant KPIs that do not align with your service goals. References: Splunk IT Service Intelligence Service Design Best Practices
Which of the following is a problem requiring correction in ITSI?
Correct Answer:
C
In Splunk IT Service Intelligence (ITSI), entities represent infrastructure components, applications, or other elements that are monitored. Each entity is uniquely identified by its entity ID, and entities can be associated with one or more services through the concept of aliases. A problem arises when two or more entities have the same value in a single alias field because aliases are used to match events to entities in ITSI. If multiple entities share the same alias value, ITSI might incorrectly associate data with the wrong entity, leading to inaccurate monitoring and analytics. This scenario requires correction to ensure that each alias uniquely identifies a single entity, thereby maintaining the integrity of the monitoring and analysis process within ITSI. The uniqueness of service IDs, entity IDs, and entity key values in info fields is also important but does not typically present the same level of issue as duplicate values in an alias field.