nerdexam
Splunk

SPLK-1004 · Question #41

SPLK-1004 Question #41: Real Exam Question with Answer & Explanation

The correct answer is D. Admin. In Splunk, the Admin role (Option D) has the capability to use the Log Event alert action among many other administrative privileges. The Log Event alert action allows Splunk to create an event in an index based on the triggering of an alert, providing a way to log and track aler

Question

What default Splunk role can use the Log Event alert action?

Options

  • APower
  • BUser
  • Ccan_delete
  • DAdmin

Explanation

In Splunk, the Admin role (Option D) has the capability to use the Log Event alert action among many other administrative privileges. The Log Event alert action allows Splunk to create an event in an index based on the triggering of an alert, providing a way to log and track alert occurrences over time. The Admin role typically encompasses a wide range of permissions, including the ability to configure and manage alert actions.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SPLK-1004 Practice