Splunk Enterprise Certified Architect — Question 79
In splunkd.log events written to the _internal index, which field identifies the specific log channel?
Answer options
- A. source
- B. channel
- C. component
- D. sourcetype
Correct answer: C
Explanation
The correct answer is C, as the 'component' field is used to identify the specific log channel in splunkd.log events. The other options, such as 'source', 'channel', and 'sourcetype', do not specifically denote the log channel and serve different purposes in indexing and categorization.