Which Field/Value pair will return only events found in the index named security?
Which Field/Value pair will return only events found in the index named security?
The field 'index' is case-sensitive in Splunk, and the index names are typically lowercase. Therefore, to return only events found in the index named 'security', the correct field/value pair would be 'index=security'.
Answer is B. The key is index case sensitive.