Which of the following is a best practice when writing a search string?
_______________ transforms raw data into events and distributes the results into an index.
When sorting on multiple fields with the sort command, what delimiter can be used between the field names in the search?
All components are installed and administered in Splunk Enterprise on-premise.
