Splunk Core Certified Power User — Question 5

What do events in a transaction have in common?

Answer options

• A. All events in a transaction must have the same timestamp.
• B. All events in a transaction must have the same sourcetype.
• C. All events in a transaction must have the exact same set of fields.
• D. All events in a transaction must be related by one or more fields.

Correct answer: D

Explanation

The correct answer is D because events in a transaction need to be related to one another through shared fields to maintain the context of the transaction. Options A, B, and C are incorrect as events can have different timestamps, sourcetypes, and fields while still being part of the same transaction.