Which knowledge Object does the Splunk Common Information Model (CIM) use to normalize data. in addition to field aliases, event types, and tags?

Which knowledge Object does the Splunk Common Information Model (CIM) use to normalize data. in addition to field aliases, event types, and tags?
A . Macros
B . Lookups
C . Workflow actions
D . Field extractions

Answer: B

Explanation:

Normalize your data for each of these fields using a combination of field aliases, field extractions, and lookups.

https://docs.splunk.com/Documentation/CIM/4.15.0/User/UsetheCIMtonormalizedataatsear chtime

Which knowledge Object does the Splunk Common Information Model (CIM) use to normalize data. in addition to field aliases, event types, and tags?

Author

Leave a Reply Cancel reply