By default, which of the following is a Selected Field?
By default, which of the following is a Selected Field?
By default, sourcetype is a Selected Field. Selected Fields in Splunk are predefined fields that are available for every event. These default fields include host, source, and sourcetype. Therefore, the correct answer is sourcetype.
Answer is D, page 79 in PDF
Selected Fields contain default Fields host,source and sourcetype. D is correct
D is correct.
The answer should be A. "Action"
action isn't a selected field, selected fields are by default: host, source and sourcetype. Action might be a interesting field depending or you events.