By default, which of the following fields would be listed in the fields sidebar under Interesting Fields?
The default fields that appear in the interesting fields sidebar in Splunk are typically those that are not already preselected in the selected fields section. In Splunk, the fields 'host', 'source', and 'sourcetype' are displayed by default under the Selected Fields section. This leaves 'index' as the field that is displayed under Interesting Fields by default. Therefore, 'index' is the correct answer.
B is correct
host, source and sourcetype are listed under "Selected Fields" not "interesting fields".
Host, source, and sourcetype are in the selected field section by default. Which leaves index for the interesting fields section right below on the sidebar.
ANSWER IS B
SELECTED FIELDS: host 2, source 2, sourcetype. Answer is B. Index doesn't fall under selected field.
https://docs.splunk.com/Documentation/Splunk/9.0.0/SearchTutorial/Aboutthesearchapp
index is not preselected that's why it's in interesting fields.
host, source & sourcetype are displayed, by default, under Selected Fields, so these answers are incorrect. Index is the correct answer, because it's the only one that is left and also because under Interesting Fields, all the fields are displayed that are present in at least 20% of the results. This would be the case for index, because all events are always part of an index. So the correct answer is B
index is correct answer
B - index (is the correct answer) "By default, host, source, and sourcetype are displayed under Selected Fields"
B is correct
Index is the correct answer, try it out!!
index is the correct answer
host, source & sourcetype are displayed, by default, under Selected Fields
It is ACD slide 60 of Splunk Fundamentals 1
Instead of "Interesting Fields", it should say "Selected Fields"
This question is confusing. Interesting fields are key-value pairs that Splunk extracts when searching the data. When you dispatch a search, Splunk will try to identify delimiters such as an equal sign or colon and assign the value on the left as the field and the value on the right as the value. It will then take these key-value pairs and list them under interesting fields if that field is at least 20% of the search range by default. You can pop open the fields at the bottom of the selection and select any fields that you want at the top and they become selected fields. https://community.splunk.com/t5/Archive/What-is-an-interesting-field/m-p/417956. I think the correct answer is A, C, D
It would have been, if that is multiple questions. It is a trick question however. And that is why A, C, D fields are Selected by default. Whereas Index is not and it is located in Interesting fields by default. Hence correct answer is B