Splunk SPLK-3002 Exam - Topic 14 Question 98 Discussion

Actual exam question for Splunk's SPLK-3002 exam

Question #: 98
Topic #: 14

What are valid considerations when designing an ITSI Service? (Choose all that apply.)

AService access control requirements for ITSI Team Access should be considered, and appropriate teams provisioned prior to creating the ITSI Service.

BEntities, entity meta-data, and entity rules should be planned carefully to support the service design and configuration.

CServices, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index.

DBackfill of a KPI should always be selected so historical data points can be used immediately and alerts based on that data can occur.

Show Suggested Answer

Suggested Answer: A, B, C

A, B, and C are correct answers because service access control requirements for ITSI Team Access should be considered before creating the ITSI Service, as different teams may have different permissions and views of the service data. Entities, entity meta-data, and entity rules should also be planned carefully to support the service design and configuration, as they determine how ITSI maps data sources to services and KPIs. Services, entities, and saved searches are stored in the ITSI app, while events created by KPI execution are stored in the itsi_summary index for faster retrieval and analysis. Reference:ITSI service design best practices,Overview of ITSI indexes

by Nobuko at May 29, 2026, 09:51 AM

Limited Time Offer

25%

Off

Get Premium SPLK-3002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!