SPLK-3002 Exam Dumps : Splunk IT Service Intelligence Certified Admin Exam

[Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/EA/TrimNECollections, ]

[Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/EntityRules, A is the correct answer because a service must define entity rules if the intention is for the KPIs in the service to filter to only entities assigned to the service. Entity rules are filters that match entities to services based on entity aliases or entity metadata. If you enable the Filter to Entities in Service option for a KPI, you need to define entity rules for the service to ensure that the KPI search results only include the relevant entities for the service. Otherwise, the KPI search results might include entities that are not part of the service or exclude entities that are part of the service. References: [Define entities for a service in ITSI], [Configure KPI settings in ITSI]]

[Reference: https://docs.splunk.com/Documentation/ITSI/4.10.2/SI/MKA, B is the correct answer because value over time is a valid type of Multi-KPI Alert in ITSI. A Multi-KPI Alert is a type of alert that triggers when multiple KPIs from one or more services meet certain conditions within a specified time range. Value over time is a condition that compares the current value of a KPI to its previous values over a specified time range. For example, you can create a Multi-KPI Alert that triggers when the CPU usage and memory usage of a service are both higher than their average values in the last 24 hours. References: [Create Multi-KPI alerts in ITSI], [Multi-KPI alert conditions in ITSI]]