Splunk Enterprise Security Certified Admin — Question 67

After managing source types and extracting fields, which key step comes next in the Add-On Builder?

Answer options

• A. Configure data collection.
• B. Validate and package.
• C. Create alert actions.
• D. Map to data models.

Correct answer: D

Explanation

The correct answer is D because mapping to data models is essential for ensuring that the data collected can be utilized effectively within Splunk's data model framework. Options A, B, and C are steps that may occur before or after this process, but they do not directly follow the management of source types and field extraction.