Splunk Core Certified User — Question 78
At index time, in which field does Splunk store the timestamp value?
Answer options
- A. time
- B. _time
- C. EventTime
- D. timestamp
Correct answer: B
Explanation
The correct answer is B: Splunk uses the _time field to store the timestamp value at index time. The other options, while related to time, are either incorrect field names or do not represent how Splunk manages timestamp storage.