The fields command allows you to do which of the following? Select all that apply.
- Include fields (fields)
- Exclude fields (fields -)
- Include fields (fields +)
Include fields (fields)
Exclude fields (fields -)
Include fields (fields +)
At search time, if an event has an equal(=) sign, the data to the left is treated as a ______ and the data to the right is treated as a ______.
- lookup, sourcetype
- field name, sourcetype
- field name, value
- lookup, value
field name, value
Which of the following fields are default selected fields?
- source
- index
- sourcetype
- host
source
sourcetype
host
True or False: Fields are knowledge objects.
TRUE
FALSE
True
In the Fields sidebar, Interesting Fields occur in at least ________ of resulting events.
- 20%
- 50%
- 10%
- 3%
20%
To remove fields from a search, you would use the _________ command.
- fields-
- +fields
- fields+
- -fields
fields-
True or False: Once you rename a field, the new field name must be used in the rest of the search string.
FALSE
TRUE
True
At search time, _______ extracts fields from raw event data.
- fields command
- field discovery
- field extractor
field discovery
