Exam SPLK-1001
Question 176

Which search will return only events containing the word `error` and display the results as a table that includes the fields named action, src, and dest?

Correct Answer: A

To return only events containing the word `error` and display the results as a table including the fields named action, src, and dest, the correct search syntax in Splunk is `error | table action, src, dest`. This command filters the events for the keyword `error` and then formats the output as a table with the specified fields. Other options either use incorrect commands or redundant commands that do not align with Splunk's syntax.

Discussion
sunbird (Option: A)

A is correct

nonee125 (Option: A)

A is correct

SlyLamp (Option: A)

I bet the admin failed this exam. Answer is A

sborisv (Option: A)

A is correct. For that construction of { | stats table aa,bb,cc } Splunk says "Error in 'stats' command: The argument 'table' is invalid."

stallone (Option: A)

A is the correct answer

AlfredLow95 (Option: A)

A is confirmed

Requete (Option: A)

A is correct

Glat (Option: A)

A is correct; stats already has a table output

kirtak (Option: A)

You cannot have two transforming commands next to each other

Alexi2415 (Option: A)

Both stats and table are "commands", so A is correct

falssa (Option: A)

A is correct

iguessillsignup (Option: A)

Page 103 in the PDF for source. A is correct

Lonny (Option: A)

A is correct

Rider2053 (Option: A)

A is the right answer

Nandini_sr (Option: A)

A is correct

labarcaremo635 (Option: A)

A is correct, page 103 in the PDF