Splunk Enterprise Security Certified Admin — Question 22

When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?

Answer options

• A. $fieldname$
• B. ג€fieldnameג€
• C. %fieldname%
• D. _fieldname_

Correct answer: A

Explanation

The correct answer is A, as the $fieldname$ format is specifically designed for embedding field values in Splunk's correlation searches. The other options (B, C, and D) do not conform to the required syntax for this purpose and will not produce the desired results.