Splunk Core Certified User — Question 42
By default, which of the following is a Selected Field?
Answer options
- A. action
- B. clientip
- C. categoryId
- D. sourcetype
Correct answer: D
Explanation
The correct answer is D, sourcetype, as it is generally set as a default Selected Field in many data processing systems. The other options, while relevant fields, do not have this default status and may require manual selection to be included in queries or reports.