Splunk Core Certified User — Question 100

Which of the following fields is stored with the events in the index?

Answer options

• A. user
• B. source
• C. location
• D. sourceIp

Correct answer: B

Explanation

The correct answer is B, as the 'source' field is specifically designed to hold information about the origin of the event in the index. The other options, while they may exist in the data, are not guaranteed to be stored with every event in the index.