A security analyst needs to find all events where the field 'user' has a value that is either 'admin' or 'root', but the search is returning too many results from a noisy source. Which search best filters the events to only include those where the 'user' field exactly matches 'admin' or 'root'?
Select one:
Splunk often tests the distinction between exact match operators (`=`, `IN`) and wildcard patterns (...