Which of the following statements describe calculated fields? (select all that apply)

A. Calculated fields can be used in the search bar.
B. Calculated fields can be based on an extracted field.
C. Calculated fields can only be applied to host and sourcetype.
D. Calculated fields are shortcuts for performing calculations using the eval command.

Answer: A, B, D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/8.0.3/Knowledge/definecalcfields

Calculated fields are fields that are created by performing calculations on existing fields using the eval command. Calculated fields can be used in the search bar to filter and transform events based on the calculated values. Calculated fields can also be based on an extracted field, which is a field that is extracted from raw data using various methods, such as regex, delimiters, lookups, etc. Calculated fields are not shortcuts for performing calculations using the eval command, but rather results of performing calculations using the eval command. Calculated fields can be applied to any field in Splunk, not only host and sourcetype.

Therefore, statements A, B, and D are true about calculated fields.
