nerdexam
Splunk

SPLK-3002 · Question #13

SPLK-3002 Question #13: Real Exam Question with Answer & Explanation

The correct answer is B. <fieldname /fieldname>. B is the correct answer because dynamic field values can be specified with <fieldname /fieldname> syntax within a correlation search. This syntax allows you to insert values from fields returned by the correlation search into alert actions such as email subject or body. For examp

Question

Within a correlation search, dynamic field values can be specified with what syntax?

Options

  • Afieldname
  • B<fieldname /fieldname>
  • C%fieldname%
  • Deval(fieldname)

Explanation

B is the correct answer because dynamic field values can be specified with <fieldname /fieldname> syntax within a correlation search. This syntax allows you to insert values from fields returned by the correlation search into alert actions such as email subject or body. For example, <host /host> inserts the value of the host field into the email.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SPLK-3002 Practice
Within a correlation search, dynamic field values can be specified... | SPLK-3002 Q#13 Answer | NerdExam