Splunk Infrastructure Overview — Question 15

Which field is required for an event annotation?

Answer options

• A. annotation category
• B. _time
• C. eventtype
• D. annotation label

Correct answer: B

Explanation

The correct answer is B, _time, because it is essential for defining when the event occurs. The other options, while relevant to event annotations, are not required fields for the annotation to be valid.