Examice

Exam SPLK-2002 All QuestionsBrowse all questions from this exam

Question 73

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)

The field was extracted as a private knowledge object.

The events are tagged as communicate, but are missing the network tag.

The Typing Queue, which does regular expression replacements, is blocked.

The colleague did not explicitly use the field in the search and the search was set to Fast Mode.

Correct Answer: A, D

If the field was extracted as a private knowledge object, it would only be visible to the user who created the extraction unless they share it, which explains why their colleague cannot see it. Additionally, if the colleague did not explicitly use the field in the search and the search was set to Fast Mode, Splunk might not display all available fields to optimize search performance.

Discussion

sadhkaOption: A

A and D

manu78Option: A

A and D are correct

RedtonyeahOption: A

A and D

wirix25718

page 101 troubleshooting

KiranVM

Could be A and D

minombrerodrigoOption: A

A and D is correct