Splunk Exam SPLK-1001 Topic 1 Question 99 Discussion

Actual exam question for Splunk's SPLK-1001 exam
Question #: 99
Topic #: 1

Which of the following is the appropriately formatted SPL search?

Suggested Answer: A

This is the appropriately formatted SPL search because it follows the SPL syntax rules, such as:

Using the = operator to specify field-value pairs, such as index=security and sourcetype=linux.

Using the OR operator to combine multiple values for the same field, such as (invalid OR failed).

Using the | character to separate commands, such as stats count as 'Potential Issues'.

Using the as keyword to rename fields, such as count as 'Potential Issues'.


Contribute your Thoughts:

Justine
11 days ago
I'm not sure, but I think option D) index---security sourcetype=linux secure (invalid OR failed) | count as 'Potential Issues' might also be correct.
upvoted 0 times
...
Kenneth
13 days ago
I agree with Madelyn, option A seems to be the most appropriately formatted SPL search.
upvoted 0 times
...
Madelyn
14 days ago
I think the correct answer is A) index=security sourcetype=linux secure (invalid OR failed) | stats count as 'Potential Issues'.
upvoted 0 times
...
Renea
19 days ago
Haha, this question is a real brainteaser! I'm just glad I don't have to debug any of these SPL queries in real life. That's what the Splunk admins are for!
upvoted 0 times
Terry
4 days ago
User 1: I know, right? These options are tricky!
upvoted 0 times
...
...
Kindra
29 days ago
C) has some weird dashes in the index field, so that can't be right. D) is close, but it's missing the 'stats' keyword.
upvoted 0 times
...
Shaniqua
1 month ago
I'm going with B). The 'as' keyword is supposed to come after the stats command, right?
upvoted 0 times
Shawna
8 days ago
B) index=security sourcetype=linux secure (invalid OR failed) | stats as 'Potential Issues'
upvoted 0 times
...
Leigha
20 days ago
A) index=security sourcetype=linux secure (invalid OR failed) | stats count as 'Potential Issues'
upvoted 0 times
...
...
Kimberlie
1 month ago
A) looks like the correct format to me. The pipe symbol, the stats command, and the 'as' keyword are all in the right places.
upvoted 0 times
Irma
27 days ago
User 2: I agree, the pipe symbol, stats command, and 'as' keyword are all in the right places.
upvoted 0 times
...
Bernardine
29 days ago
User 1: A) looks like the correct format to me.
upvoted 0 times
...
...
