Module 5: Basic Searching

Question 1

Search and Reporting App

Answer 1

Default for searching and analyzing data

Question 2

Knowledge objects, dashboards, reports created in….

Answer 2

Search and Reporting app

Question 3

Data Summary button

Answer 3

Look at data indexed by host, source, and sourcetypes

Question 4

Search app: Patterns tab

Answer 4

See patterns in data

Question 5

Search job vs. shared search job availability

Answer 5

10 minutes vs. 7 Days

Question 6

Fast Search mode

Answer 6

Search only default fields. Field discovery disabled.

Question 7

Verbose search mode

Answer 7

Returns all fields and event data

Question 8

Smart search mode

Answer 8

Default. Toggles between Fast and Verbose depending on search type

Question 9

Displayed timestamp defaults to

Answer 9

Local time zone of search console

Question 10

Wildcard

Answer 10

*

Question 11

Boolean operators

Answer 11

And, Or, Not

Question 12

Default Boolean operator if none is specified

Answer 12

and

this that = this AND that

Question 13

Boolean operations default order

Answer 13

1. Not
2. Or
3. And

Question 14

How do parenthesis affect search

Answer 14

Parenthesis evaluated first

Question 15

\ (backslash) character in search

Answer 15

Escape

Question 16

access_combined_wcookie source type

Answer 16

Web App

Question 17

db_audit source type

Answer 17

Database

Question 18

Bottom line of each event contains (3)

Answer 18

Host, source, sourcetype