Splunk Enterprise Security Certified Analyst — Question 81

What does Splunk do when it indexes events?

Answer options

• A. Extracts the top 10 fields.
• B. Extracts metadata fields such as host, source, sourcetype.
• C. Performs parsing, merging, and typing processes on universal forwarders.
• D. Create report acceleration summaries.

Correct answer: B

Explanation

The correct answer is B because during indexing, Splunk extracts important metadata fields such as host, source, and sourcetype to understand the context of the data. The other options describe different processes or functionalities that do not occur specifically during the indexing phase.