Splunk Core Certified User — Question 57

Which Field/Value pair will return only events found in the index named security?

Answer options

• A. Index=Security
• B. index=Security
• C. Index=security
• D. index!=Security

Correct answer: B

Explanation

The correct answer is B because Splunk is case-sensitive with index names, and 'index=Security' refers to a different index than 'index=security'. Options A and C also do not match the exact case required, and D is incorrect because it excludes the Security index instead of including it.