
SPLK-1001 Exam - Question 28


By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?

Correct Answer: AB

The fields that appear by default under Interesting Fields in the Splunk fields sidebar are typically those that are not already preselected under Selected Fields. In Splunk, the fields 'host', 'source', and 'sourcetype' are displayed by default under Selected Fields. This leaves 'index' as the field that is displayed under Interesting Fields by default. Therefore, 'index' is the correct answer.

Discussion

17 comments
nonee125 (Option: B)
Jun 13, 2020

B is correct

Oduro (Option: B)
Oct 5, 2020

SELECTED FIELDS host 2 source 2 sourcetype Answer is B. Index doesn't fall under selected field.

rakusu (Option: B)
Mar 4, 2021

ANSWER IS B

[Removed] (Option: B)
May 2, 2022

Host, source, and sourcetype are in the selected field section by default. Which leaves index for the interesting fields section right below on the sidebar.

TheRealSplunkie (Option: B)
Jul 19, 2023

host, source and sourcetype are listed under "Selected Fields" not "interesting fields".

sid2051 (Option: B)
Aug 12, 2020

index is correct answer

Marty (Option: B)
Jan 26, 2021

host, source & sourcetype are displayed, by default, under Selected Fields, so these answers are incorrect. Index is the correct answer, because it's the only one that is left and also because under Interesting Fields, all the fields are displayed that are present in at least 20% of the results. This would be the case for index, because all events are always part of an index. So the correct answer is B

cagdaskarabag (Option: B)
May 18, 2022

index is not preselected that's why it's in interesting fields.

Steve2610 (Option: B)
Jul 11, 2022

https://docs.splunk.com/Documentation/Splunk/9.0.0/SearchTutorial/Aboutthesearchapp

Nanila
Nov 30, 2020

This question is confusing. Interesting fields are key-value pairs that Splunk extracts when searching the data. When you dispatch a search, Splunk will try to identify delimiters such as an equal sign or colon and assign the value on the left as the field and the value on the right as the value. It will then take these key-value pairs and list them under interesting fields if that field is at least 20% of the search range by default. You can pop open the fields at the bottom of the selection and select any fields that you want at the top and they become selected fields. https://community.splunk.com/t5/Archive/What-is-an-interesting-field/m-p/417956. I think the correct answer is A, C, D

SpTester
Jan 3, 2021

It would have been, if that is multiple questions. It is a trick question, however. And that is why A, C, D fields are Selected by default. Whereas Index is not and it is located in Interesting fields by default. Hence Correct answer is B

Nanila
Nov 30, 2020

Instead of "Interesting Fields", it should say "Selected Fields"

SGBEB (Option: A)
Dec 4, 2020

It is ACD slide 60 of Splunk Fundamentals 1

Cheroti (Option: B)
Mar 29, 2022

host, source & sourcetype are displayed, by default, under Selected Fields

Sunsil (Option: B)
Dec 19, 2022

index is the correct answer

Huslayer (Option: B)
Jul 17, 2023

Index is the correct answer, try it out!!

Lonny (Option: B)
Dec 21, 2023

B is correct

Cyde (Option: B)
Jun 26, 2024

B - index (is the correct answer) "By default, host, source, and sourcetype are displayed under Selected Fields"