A new Splunk user wants to view the raw event data for the last hour. Which interface should they use?
Trap 1: Search History
Shows past search queries.
Trap 2: Settings
For configuration, not event viewing.
Trap 3: Data Summary
Shows data sources, not raw events.
- A. Search History
  Why wrong: Shows past search queries.
- B. Settings
  Why wrong: For configuration, not event viewing.
- C. Data Summary
  Why wrong: Shows data sources, not raw events.
- D. Search & Reporting
  Main interface for searching raw events.