Data model are composed of one or more of which of the following datasets? (select all that apply.)

Data model are composed of one or more of which of the following datasets? (select all that apply.)
A . Events datasets
B . Search datasets
C . Transaction datasets
D . Any child of event, transaction, and search datasets

Answer: A, B, C

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/Aboutdatamodels

Data models are collections of datasets that represent your data in a structured and hierarchical way. Data models define how your data is organized into objects and fields. Data models can be composed of one or more of the following datasets:

Events datasets: These are the base datasets that represent raw events in Splunk. Events datasets can be filtered by constraints, such as search terms, sourcetypes, indexes, etc.

Search datasets: These are derived datasets that represent the results of a search on events or other datasets. Search datasets can use any search command, such as stats, eval, rex, etc., to transform the data.

Transaction datasets: These are derived datasets that represent groups of events that are related by fields, time, or both. Transaction datasets can use the transaction command or event types with transactiontype=true to create transactions.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments