Splunk Enterprise Security Certified Admin — Question 3

When creating custom correlation searches, what format is used to embed field values in the title, description, and drill-down fields of a notable event?

Answer options

• A. $fieldname$
• B. ג€fieldnameג€
• C. *fieldname*
• D. _fieldname_

Correct answer: A

Explanation

The correct answer is A, as the $fieldname$ syntax is specifically designed for embedding field values in Splunk. Options B, C, and D use incorrect formatting that does not function for this purpose, as they do not adhere to the required syntax for custom correlation searches.