Splunk Core Certified User — Question 140

Splunk extracts fields from event data at index time and at search time.

Answer options

Correct answer: A

Explanation

The correct answer is A because Splunk extracts fields at both index time and search time, which allows for more flexible data analysis. Option B is incorrect because it suggests that Splunk extracts fields at only one of those times, which is not true.