How do you add or remove fields from search results?
How do you add or remove fields from search results?
To add or remove fields from search results in Splunk, you use the 'fields' command. To add, you specify the fields you want to include, and to remove, you use a minus sign before the field names you want to exclude. Therefore, the correct usage is 'fields fieldname+' to add and 'fields fieldname-' to remove fields from the search results.
Correct answer C. The command is "fields" and not "field"
C.Use fields +to add and fields -to remove.
the correct answer is A for sure bcos you use + to add and - to remove. You dont type "plus" or "minus" cos splunk wont recognize it.
I completely agree with jake7, fields - is to remove
Technically none of them are correct. The answer is fields + to add and fields - to remove. I keep seeing C as the answer but at least the way the answer is displayed to me it shows fields "' as to remove and that is not correct
I have to go with C. "fields" is plural in the Splunk documentation not singular. In answer C, there is no minus sign to remove, but 2 symbols and a quotation mark in the answer. My assumption is that is a misprint. https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Fields#Syntax
use fields + to add add fields - to minus ..tested
fields - to remove**
A is correct
A is the correct answer
A is correct
Not sure what ''' is supposed to be but C is not correct. A is. ref - https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchReference/Fields#Syntax
Also as jake7 pointed out, none are technically correct. A is closest, add s to make fields and the answer is there.
C - Use fields + to add and fields - to remove (is the correct answer) "field is not a Splunk command, it is fields"
fields + and fields - are used
C is correct
"field" is not a valid Splunk command, it's "fields"
typo "fields-"
C is the correct