SPLK-1001 Exam - Question 176


Which search will return only events containing the word `error` and display the results as a table that includes the fields named action, src, and dest?

Correct Answer: AC

To return only events containing the word `error` and display the results as a table including the fields named action, src, and dest, the correct search syntax in Splunk is `error | table action, src, dest`. This command filters the events for the keyword `error` and then formats the output as a table with the specified fields. Other options either use incorrect commands or redundant commands that do not align with Splunk's syntax.

Discussion

16 comments
sunbird (Option: A)
Jul 1, 2020

A is correct

nonee125 (Option: A)
Jun 13, 2020

A is correct

SlyLamp (Option: A)
Aug 19, 2022

I bet the admin failed this exam. Answer is A

sborisv (Option: A)
Jul 13, 2022

A. is correct. For that construction of { | stats table aa,bb,cc } Splunk says "Error in 'stats' command: The argument 'table' is invalid."

stallone (Option: A)
Jul 23, 2020

A is the correct answer

Glat (Option: A)
Sep 18, 2020

A is correct, stats already has a table output

Requete (Option: A)
May 9, 2022

A is correct

AlfredLow95 (Option: A)
Aug 11, 2022

A is confirmed

iguessillsignup (Option: A)
Nov 4, 2020

page 103 in PDF for source. A is correct

falssa (Option: A)
Jul 19, 2022

A is correct

Alexi2415 (Option: A)
Mar 17, 2023

both stats and table are "command" so A is correct

kirtak (Option: A)
Mar 30, 2023

you cannot have two transforming commands next to each other

labarcaremo635 (Option: A)
Nov 25, 2020

A is correct, page 103 in PDF

Nandini_sr (Option: A)
Jun 15, 2021

A is correct

Rider2053 (Option: A)
May 29, 2023

A is the right answer

Lonny (Option: A)
Dec 21, 2023

A is correct