Splunk Exam SPLK-1002 Topic 8 Question 82 Discussion

Actual exam question for Splunk's SPLK-1002 exam

Question #: 82
Topic #: 8

[All SPLK-1002 Questions]

Consider the following search:

index=web sourcetype=access_corabined

The log shows several events that share the same jsesszonid value (SD462K101O2F267). View the events as a group.

From the following list, which search groups events by jSSESSIONID?

Aindex=web sourcetype=access_combined I transaction JSESSZONID I search SD462K101C2F267

Bindex=web sourcetype=access_combined SD462K101O2F267 | table JSESSIONID

Cindex=web sourcetype=access_combined | highlight JSESSIONID | search SD462K101O2F267

Dindex=web sourcetype=access_combined JSESSTONID <SD42K101O2F267>

Show Suggested Answer

Suggested Answer: A

The transaction command groups events that share a common value in a specified field, such as JSESSIONID, and that occur within a specified time range. The search command filters the results to show only the events that match the given value of JSESSIONID.This search groups the events by JSESSIONID and then shows only the events that have the value SD462K101C2F267 for JSESSIONID2

1: Splunk Core Certified Power User Track, page 9.2: Splunk Documentation, transaction command.

by Maurine at Mar 06, 2024, 03:53 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Keena

5 months ago

That's a good point, Mozell. I see why C) could be the correct answer now.

upvoted 0 times

...

Mozell

5 months ago

I think C) is the right answer because it uses 'highlight' to group events by JSESSIONID

upvoted 0 times

...

Carlene

5 months ago

But A) specifically uses 'transaction' to group events, which is what the question is asking for

upvoted 0 times

...

Keena

5 months ago

I disagree, I believe the correct answer is B)

upvoted 0 times

...

Carlene

5 months ago

I think the answer is A)

upvoted 0 times

...

Twana

5 months ago

I think C is the correct answer because it highlights the JSESSIONID and then searches for SD462K101O2F267.

upvoted 0 times

...

Brynn

6 months ago

Because it uses the table command to display the JSESSIONID.

upvoted 0 times

...

Annice

6 months ago

Why do you think B is the correct answer?

upvoted 0 times

...

Brynn

6 months ago

I disagree, I believe the correct answer is B.

upvoted 0 times

...

Annice

7 months ago

I think the answer is A.

upvoted 0 times

...