Splunk Core Certified User — Question 27
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
Answer options
- A. |
- B. $
- C. !
- D. ,
Correct answer: D
Explanation
The correct answer is D, as the comma is the designated delimiter for separating field names in the sort command. The other options, |, $, and !, are not recognized as valid delimiters in this context and will not correctly separate the fields.