Splunk - Using Fields Quiz Questions and Answers Rated A+

Splunk - Using Fields Quiz Questions and Answers Rated A+ True or False: Fields are knowledge objects. (A) False (B) True (B) True At search time, if an event has an equal(=) sign, the data to the left is treated as a ______ and the data to the right is treated as a ______. (A) field name, value (B) field name, sourcetype (C) lookup, sourcetype (D) lookup, value (A) field name, value Brainpower Read More Previous Play Next Rewind 10 seconds Move forward 10 seconds Unmute 0:06 / 0:15 Full screen The fields command allows you to do which of the following? Select all that apply. (A) Exclude fields (fields -) (B) Include fields (fields) (C) Include fields (fields +) (A) Exclude fields (fields -) (B) Include fields (fields) (C) Include fields (fields +) In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events. (A) 20% (B) 3% (C) 50% (D) 10% (A) 20% True or False: Once you rename a field, the new field name must be used in the rest of the search string. (A) False (B) True (B) True To remove fields from a search, you would use the _________ command. (A) fields- (B) -fields (C) +fields (D) fields+ (A) fields- At search time, _______ extracts fields from raw event data. (A) field discovery (B) fields command (C) field extractor (A) field discovery Which of the following fields are default selected fields? (A) Host (B) Source (C) Sourcetype (D) Index (A) Host (B) Source (C) Sourcetype