Splunk Core Certified User — Question 145

The better way of writing search query for index is:

Answer options

• A. index=a index=b
• B. (index=a OR index=b)
• C. index=(a & b)
• D. index = a, b

Correct answer: B

Explanation

The correct answer is B because using 'OR' allows the search to return results from either index 'a' or index 'b'. Options A and D do not utilize proper syntax for querying multiple indexes, while option C incorrectly uses '&', which is not valid for this context.