Splunk Core Certified Power User — Question 153
What field delimiter should be used for the event below?
2023-10-25:11:30:00.000 Logout john.doe Chromium splunk.com
Answer options
- A. tab
- B. comma
- C. space
- D. pipe
Correct answer: C
Explanation
The correct answer is C, space, because the fields in the event are separated by spaces. Using a tab, comma, or pipe would not accurately represent the structure of the event as they do not correspond to the actual delimiters present.