A Splunk user successfully extracted an ip address into a field called src_ip. Their colleague cannot see that field in their search results with events known to have src_ip. Which of the following may explain the problem? (Select all that apply.)
A.
The field was extracted as a private knowledge object.
B.
The events are tagged as communicate, but are missing the network tag.
C.
The Typing Queue, which does regular expression replacements, is blocked.
D.
The colleague did not explicitly use the field in the search and the search was set to Fast Mode.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sadhka
Highly Voted 4 years, 5 months agomanu78
Highly Voted 3 years, 10 months ago580ce47
Most Recent 3 weeks, 3 days agoCactiAZ
4 months agowirix25718
1 year, 10 months agoKiranVM
1 year, 11 months agominombrerodrigo
2 years, 1 month agoRedtonyeah
2 years, 11 months ago