How does Splunk determine which fields to extract from data?
Splunk automatically discovers many fields based on sourcetype and key/value pairs found in the data. This allows Splunk to extract meaningful information from various data sources without requiring manual specification by users.
D is correct. B may seem correct, but according to the PDF, pg. 77, prior to search time some fields are already stored with the event in the index: meta fields like host, source, sourcetype and index, as well as internal fields such as _time and _raw.
D is correct