Splunk Core Certified Consultant — Question 33

Which of the following is an accurate statement about the delete command?

Answer options

• A. The delete command removes events from disk.
• B. By default, only admins can run the delete command.
• C. Events are virtually deleted by marking them as deleted.
• D. Deleting events reclaims disk space.

Correct answer: C

Explanation

The correct answer, C, is accurate because the delete command marks events as deleted rather than removing them from disk. Options A and D are incorrect since the command does not physically remove events from the disk or free up space. Option B is also wrong, as it is not solely restricted to admins by default.