Splunk Enterprise Certified Architect — Question 74

A customer creates a saved search that runs on a specific interval.

Which internal Splunk log should be viewed to determine if the search ran recently?

Answer options

Correct answer: B

Explanation

The correct answer is B, scheduler.log, as it records the execution status of scheduled searches, including when they run and any errors that may occur. The other logs serve different purposes: kvstore.log is for key-value store operations, metrics.log provides performance metrics, and btool.log is used for configuration troubleshooting.