Splunk Core Certified User — Question 68

Which statement is true about Splunk alerts?

Answer options

• A. Alerts are based on searches that are either run on a scheduled interval or in real-time.
• B. Alerts are based on searches and when triggered will only send an email notification.
• C. Alerts are based on searches and require cron to run on scheduled interval.
• D. Alerts are based on searches that are run exclusively as real-time.

Correct answer: A

Explanation

The correct answer is A because Splunk alerts can be configured to trigger based on searches that run either on a scheduled basis or in real-time. Option B is incorrect as alerts can trigger various types of notifications, not just email. Option C is misleading because while cron can be used for scheduling, it is not a requirement for Splunk alerts, and option D is false since alerts can be based on both real-time and scheduled searches.