Splunk Enterprise Security Certified Admin — Question 98

In order to include an eventtype in a data model node, what is the next step after extracting the correct fields?

Answer options

• A. Save the settings.
• B. Apply the correct tags.
• C. Run the correct search.
• D. Visit the CIM dashboard.

Correct answer: C

Explanation

The correct answer is C because running the correct search will help verify the eventtype and its associated fields within the data model. Options A, B, and D do not directly contribute to the process of validating and incorporating the eventtype after fields have been extracted.