Splunk Core Certified User — Question 138

What is a quick, comprehensive way to learn what data is present in a Splunk deployment?

Answer options

• A. Review Splunk reports
• B. Run ./splunk show
• C. Click Data Summary in Splunk Web
• D. Search index=* sourcetype=* host=*

Correct answer: C

Explanation

The correct answer is C because clicking on Data Summary in Splunk Web provides a clear overview of the data indexed, including sources and types. Options A and B do not provide a direct overview of the data in the same comprehensive way, while option D offers a search method without summarizing the data structure.