When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?
When creating custom correlation searches in Splunk, the format used to embed field values in the title, description, and drill-down fields of a notable event is $fieldname$. This format allows the embedded field values to be dynamically replaced with actual values during runtime.
Answer is A
A is correct answer. IF you have had hands-on experience configuring Splunk before, you will know this.
A is correct
A is the correct answer
Yep pg 253 of course info
Can you post a link to the slides or course info ?
C is 100% correct. Read here https://docs.splunk.com/Documentation/ITSI/4.4.2/Configure/Createcorrelationsearch
Correct answer is A
CurryMuncher, the document you listed show $fieldname$ mention in the doc, also that document is for ITSI, not ES.
Friends, could you please confirm this answer or provide the source of answer A?