Log files related to Splunk REST calls can be found in which indexes? (Select all that apply.)
Log files related to Splunk REST calls can be found in which indexes? (Select all that apply.)
Log files related to Splunk REST calls are associated with specific indexes that log various activities within Splunk. The _audit index logs user activity and changes in Splunk, while the _internal index contains Splunk's internal logs, including REST API call logs. Therefore, both _audit and _internal are relevant for finding log files related to Splunk REST calls. The _thefishbucket index deals with tracking indexed data inputs, and _blocksignature does not pertain to REST call logs, making these options incorrect.
A and B = correct. _audit and _internal contain logs. fish bucket contains information about where an input is left off in a file and/or which files have been processed. D does not exist.
this is the way
Could someone help me confirm the correctness of this answer