A. <search type="annotation">
B. <search type=$annotation$>
C. <search type="event_annotation">
D. <search style="annotation">
A. More than 100k events in the search results, with a search and transforming command used in the search string.
B. More than 100k events in search results, with only a search command in the search string.
C. Fewer than 100k events in search results, with only a search and transaction command used in the search string.
D. Fewer than 100k events in search results, with transforming commands used in the search string.
A. Multivalue
B. Mvindex
C. Single value
D. Lexicographical
A. In the Search Job Inspector, after the search completes.
B. In the Search Job Inspector, while the search is running.
C. In the Dashboard Editor, while the search is running.
D. In the Dashboard Editor, after the search completes.
A. makemv must be preceded by the rex command.
B. It is specified by the delim argument.
C. makemv must be preceded by the erex command.
D. It is specified by the tokenizer argument.
A. Run a search that uses a lookup and save as an alert.
B. Follow a lookup with an alert command in the search bar.
C. Use the lookup dropdown in the alert configuration window.
D. Upload a lookup file directly to the alert.
A. field, host, source
B. No arguments are required.
C. input, output path
D. input, output, index
