Free SPLK-4001 Exam Dumps

Question 6

What are the best practices for creating detectors? (select all that apply)

Correct Answer: ABCD
The best practices for creating detectors are:
- View data at highest resolution. This helps to avoid missing important signals or patterns in the data that could indicate anomalies or issues [1].
- Have a consistent value. This means that the metric or dimension used for detection should have a clear and stable meaning across different sources, contexts, and time periods. For example, avoid using metrics that are affected by changes in configuration, sampling, or aggregation [2].
- View detector in a chart. This helps to visualize the data and the detector logic, as well as to identify any false positives or negatives. It also lets you adjust the detector parameters and thresholds based on the data distribution and behavior [3].
- Have a consistent type of measurement. This means that the metric or dimension used for detection should have the same unit and scale across different sources, contexts, and time periods. For example, avoid mixing bytes and bits, or seconds and milliseconds.
[1] https://docs.splunk.com/Observability/gdi/metrics/detectors.html#Best-practices-for-detectors
[2] https://docs.splunk.com/Observability/gdi/metrics/detectors.html#Best-practices-for-detectors
[3] https://docs.splunk.com/Observability/gdi/metrics/detectors.html#View-detector-in-a-chart
: https://docs.splunk.com/Observability/gdi/metrics/detectors.html#Best-practices-for-detectors

Question 7

Where does the Splunk distribution of the OpenTelemetry Collector store the configuration files on Linux machines by default?

Correct Answer: B
The correct answer is B. /etc/otel/collector/
According to the web search results, the Splunk distribution of the OpenTelemetry Collector stores the configuration files on Linux machines in the /etc/otel/collector/ directory by default. You can verify this by looking at the first result [1], which explains how to install the Collector for Linux manually. It also provides the locations of the default configuration file, the agent configuration file, and the gateway configuration file.
To learn more about how to install and configure the Splunk distribution of the OpenTelemetry Collector, you can refer to this documentation [2].
[1] https://docs.splunk.com/Observability/gdi/opentelemetry/install-linux-manual.html
[2] https://docs.splunk.com/Observability/gdi/opentelemetry.html

Question 8

For a high-resolution metric, what is the highest possible native resolution of the metric?

Correct Answer: C
The correct answer is C. 1 second.
According to the Splunk Test Blueprint - O11y Cloud Metrics User document [1], one of the metrics concepts that is covered in the exam is data resolution and rollups. Data resolution refers to the granularity of the metric data points, and rollups are the process of aggregating data points over time to reduce the amount of data stored.
The Splunk O11y Cloud Certified Metrics User Track document [2] states that one of the recommended courses for preparing for the exam is Introduction to Splunk Infrastructure Monitoring, which covers the basics of metrics monitoring and visualization.
In the Introduction to Splunk Infrastructure Monitoring course, there is a section on Data Resolution and Rollups, which explains that Splunk Observability Cloud collects high-resolution metrics at 1-second intervals by default, and then applies rollups to reduce the data volume over time. The document also provides a table that shows the different rollup intervals and retention periods for different resolutions.
Therefore, based on these documents, we can conclude that for a high-resolution metric, the highest possible native resolution of the metric is 1 second.

Question 9

A user wants to add a link to an existing dashboard from an alert. When they click the dimension value in the alert message, they are taken to the dashboard keeping the context. How can this be accomplished? (select all that apply)

Correct Answer: AC
The possible ways to add a link to an existing dashboard from an alert are:
- Build a global data link. A global data link is a feature that allows you to create a link from any dimension value in any chart or table to a dashboard of your choice. You can specify the source and target dashboards, the dimension name and value, and the query parameters to pass along. When you click on the dimension value in the alert message, you will be taken to the dashboard with the context preserved [1].
- Add a link to the field. A field link is a feature that allows you to create a link from any field value in any search result or alert message to a dashboard of your choice. You can specify the field name and value, the dashboard name and ID, and the query parameters to pass along. When you click on the field value in the alert message, you will be taken to the dashboard with the context preserved [2].
Therefore, the correct answer is A and C.
To learn more about how to use global data links and field links in Splunk Observability Cloud, you can refer to this documentation [1][2].
[1] https://docs.splunk.com/Observability/gdi/metrics/charts.html#Global-data-links
[2] https://docs.splunk.com/Observability/gdi/metrics/search.html#Field-links

Question 10

The built-in Kubernetes Navigator includes which of the following?

Correct Answer: D
The correct answer is D. Map, Nodes, Workloads, Node Detail, Workload Detail, Pod Detail, Container Detail.
The built-in Kubernetes Navigator is a feature of Splunk Observability Cloud that provides a comprehensive and intuitive way to monitor the performance and health of Kubernetes environments. It includes the following views:
- Map: A graphical representation of the Kubernetes cluster topology, showing the relationships and dependencies among nodes, pods, containers, and services. You can use the map to quickly identify and troubleshoot issues in your cluster [1].
- Nodes: A tabular view of all the nodes in your cluster, showing key metrics such as CPU utilization, memory usage, disk usage, and network traffic. You can use the nodes view to compare and analyze the performance of different nodes [1].
- Workloads: A tabular view of all the workloads in your cluster, showing key metrics such as CPU utilization, memory usage, network traffic, and error rate. You can use the workloads view to compare and analyze the performance of different workloads, such as deployments, stateful sets, daemon sets, or jobs [1].
- Node Detail: A detailed view of a specific node in your cluster, showing key metrics and charts for CPU utilization, memory usage, disk usage, network traffic, and pod count. You can also see the list of pods running on the node and their status. You can use the node detail view to drill down into the performance of a single node [2].
- Workload Detail: A detailed view of a specific workload in your cluster, showing key metrics and charts for CPU utilization, memory usage, network traffic, error rate, and pod count. You can also see the list of pods belonging to the workload and their status. You can use the workload detail view to drill down into the performance of a single workload [2].
- Pod Detail: A detailed view of a specific pod in your cluster, showing key metrics and charts for CPU utilization, memory usage, network traffic, error rate, and container count. You can also see the list of containers within the pod and their status. You can use the pod detail view to drill down into the performance of a single pod [2].
- Container Detail: A detailed view of a specific container in your cluster, showing key metrics and charts for CPU utilization, memory usage, network traffic, error rate, and log events. You can use the container detail view to drill down into the performance of a single container [2].
To learn more about how to use Kubernetes Navigator in Splunk Observability Cloud, you can refer to this documentation [3].
[1] https://docs.splunk.com/observability/infrastructure/monitor/k8s-nav.html#Kubernetes-Navigator
[2] https://docs.splunk.com/observability/infrastructure/monitor/k8s-nav.html#Detail-pages
[3] https://docs.splunk.com/observability/infrastructure/monitor/k8s-nav.html