The Splunk administrator wants to ensure data is distributed evenly amongst the indexers.
To do this, he runs the following search over the last 24 hours:
index=*
What field can the administrator check to see the data distribution?
A . host
B . index
C . linecount
D . splunk_server
Answer: D
Explanation:
https://docs.splunk.com/Documentation/Splunk/8.2.2/Knowledge/Usedefaultfields splunk_server
The splunk server field contains the name of the Splunk server containing the event. Useful in a distributed Splunk environment. Example: Restrict a search to the main index on a server named remote. splunk_server=remote index=main 404
Latest SPLK-1003 Dumps Valid Version with 119 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund