Solved

How Should an Administrator Add a New Lookup Through the ES

Question 28

Multiple Choice

How should an administrator add a new lookup through the ES app?


A) Upload the lookup file in Settings -> Lookups -> Lookup Definitions
B) Upload the lookup file in Settings -> Lookups -> Lookup table files
C) Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups Add the lookup file to /etc/apps/SplunkEnterpriseSecuritySuite/lookups
D) Upload the lookup file using Configure -> Content Management -> Create New Content -> Managed Lookup

Correct Answer:

verifed

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Related Questions

Q23: ES needs to be installed on a

Q24: After installing Enterprise Security, the distributed configuration

Q25: When investigating, what is the best way

Q26: Which of the following ES features would

Q27: Where are attachments to investigations stored?
A) KV

Q29: A site has a single existing search

Q30: What feature of Enterprise Security downloads threat

Q31: An administrator is provisioning one search head

Q32: When ES content is exported, an app

Q33: Who can delete an investigation?
A) ess_admin users

Unlock this Answer For Free Now!

View this answer and more for free by performing one of the following actions

qr-code

Scan the QR code to install the App and get 2 free unlocks

upload documents

Unlock quizzes for free by uploading documents