Exam SPLK-1001 All QuestionsBrowse all questions from this exam
Go to Exam
Question 1

Which search string only returns events from hostWWW3?

    Correct Answer: B

    To search for events solely from hostWWW3, the correct search string must precisely match the host value. The search string 'host=WWW3' does exactly that, as it specifies the exact host name without using any wildcards which could include other hosts. Therefore, the correct answer is 'host=WWW3'.

Discussion
G4ct756Option: B

A. Will returns multiple field values from host field. C. Will return multiple field values starting with "WWW " D. will return nothing, as field name is case sensitive. Therefore, B is correct. field name fit metadata field name, and field value is specific.

jb844

Passed - Read Comments and investigate both sides of of "it's A or B." All the questions were on the exam 10/23 with only one in a different format than here. Will passed easily if understand why or even just know the answers.

bekaveg488

Just completed the exam and passed. Almost all questions came from here. https://www.pinterest.com/pin/937522847421549842

Adri300Option: B

b is correct

Alex_Cyber_SecOption: B

B is correct. host = * wildcard will return all possibilities www* - returns not only www3 Host = incorrect because it case sensitive

Janna05Option: B

B For sure

igorgOption: B

answer is correct B. host=WWW3

Sankardevarajan1986Option: B

Ans : B host=WWW3

JH94Option: B

B is correct; field names are case sensitive, field values are not

cagdaskarabagOption: B

correct answer: B

NikhilfwdOption: B

B is the correct answer

qtygbapjpesdayazkoOption: B

answer is correct

qtygbapjpesdayazko

Is correct

HUGOTEOption: B

B is the correct answer

Royal7Option: B

B is the correct answer

labarcaremo635Option: B

B is correct. it asks for ONLY events from host WWW3

bigmillsOption: C

C For sure