Which of the following may explain the problem?

Posted by: Pdfprep Category: SPLK-2002 Tags: SPLK-2002 exam questions, SPLK-2002 practice exam, Splunk Enterprise Architect Post Date: November 10, 2020

A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip.

Which of the following may explain the problem? (Select all that apply.)
A . The field was extracted as a private knowledge object.
B . The events are tagged as communicate, but are missing the network tag.
C . The Typing Queue, which does regular expression replacements, is blocked.
D . The colleague did not explicitly use the field in the search and the search was set to Fast Mode.

Answer: D

Explanation:

Reference: https://answers.splunk.com/answers/657187/map-command-field-not-being-evaluated.html

Which of the following may explain the problem?

Author

Leave a Reply Cancel reply