SPLK-2002 Exam QuestionsBrowse all questions from this exam

SPLK-2002 Exam - Question 73

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)

The field was extracted as a private knowledge object.

The events are tagged as communicate, but are missing the network tag.

The Typing Queue, which does regular expression replacements, is blocked.

The colleague did not explicitly use the field in the search and the search was set to Fast Mode.

Show Answer

Correct Answer: AD

If the field was extracted as a private knowledge object, it would only be visible to the user who created the extraction unless they share it, which explains why their colleague cannot see it. Additionally, if the colleague did not explicitly use the field in the search and the search was set to Fast Mode, Splunk might not display all available fields to optimize search performance.

Discussion

6 comments

sadhkaOption: A

Sep 11, 2020

A and D

manu78Option: A

Apr 19, 2021

A and D are correct

RedtonyeahOption: A

Mar 4, 2022

A and D

minombrerodrigoOption: A

Jan 9, 2023

A and D is correct

KiranVM

Mar 15, 2023

Could be A and D

wirix25718

Apr 19, 2023

page 101 troubleshooting