Splunk Exam SPLK-1002 Topic 6 Question 103 Discussion

Actual exam question for Splunk's SPLK-1002 exam

Question #: 103
Topic #: 6

[All SPLK-1002 Questions]

For the following search, which command would further filter for only IP addresses present more than five times?

Aindex=games I stats count as IP_count by IP B. | where IP_count > 5

Bindex=games | search IP_Count > 5

Cindex=games | where IP > 5

Dindex=games I search IP > 5

Show Suggested Answer

Suggested Answer: A

To filter for only IP addresses that appear more than five times in the search results for index=games, you can use a combination of the stats and where commands. The stats command counts the occurrences of each IP address and assigns the count to IP_count. The where command then filters the results to include only those IP addresses with a count greater than five.

Here is how the complete search would look:

index=games | stats count as IP_count by IP | where IP_count > 5

Splunk Docs: stats command

Splunk Docs: where command

Splunk Answers: Filtering results using stats and where commands

by Rasheeda at Nov 18, 2024, 02:12 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!