How do you add or remove fields from search results?
How do you add or remove fields from search results?
To add or remove fields from search results in Splunk, you use the 'fields' command. To add, you specify the fields you want to include, and to remove, you use a minus sign before the field names you want to exclude. Therefore, the correct usage is 'fields fieldname+' to add and 'fields fieldname-' to remove fields from the search results.
C.Use fields +to add and fields -to remove.
Correct answer C. The command is "fields" and not "field"
Technically none of them are correct. The answer is fields + to add and fields - to remove. I keep seeing C as the answer but at least the way the answer is displayed to me it shows fields "' as to remove and that is not correct
I completely agree with jake7, fields - is to remove
the correct answer is A for sure bcos you use + to add and - to remove. You dont type "plus" or "minus" cos splunk wont recognize it.
Not sure what ''' is supposed to be but C is not correct. A is. ref - https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Fields#Syntax
Also as jake7 pointed out, none are technically correct. A is closest, add s to make fields and the answer is there.
A is correct
A is the correct answer
A is correct
use fields + to add add fields - to minus ..tested
fields - to remove**
I have to go with C. "fields" is plural in the Splunk documentation not singular. In answer C, there is no minus sign to remove, but 2 symbols and a quotation mark in the answer. My assumption is that is a misprint. https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Fields#Syntax
C is the correct
typo "fields-"
"field" is not a valid Splunk command, it's "fields"
C is correct
fields + and fields - are used
C - Use fields + to add and fields - to remove (is the correct answer) "field is not a Splunk command, it is fields"