Exam SPLK-1002 All QuestionsBrowse all questions from this exam
Go to Exam
Question 97

Consider the following search:

index=web sourcetype=access_combined

The log shows several events that share the same JSESSIONID value (SD421K26502F783). View the events as a group.

From the following list, which search groups events by JSESSIONID?

    Correct Answer: A

    To group events by JSESSIONID, the correct approach involves using the transaction command, which groups events that share the same field value. The correct search syntax is index=web sourcetype=access_combined | transaction JSESSIONID. This search will group all the events that share the same JSESSIONID value into a single transaction event. While there appears to be a typo in the provided option (index-web instead of index=web), the fundamental logic of using the transaction command aligns with the search requirement. Therefore, this option is correct based on its intent and functionality.

Discussion
CookiesAreOPOption: A

I think the answer is A. It is the only option that groups the events.

Nerzul007Option: D

It can't be A as index-web is a wrong syntax

anonyuserOption: A

concern about a is that there is a hyphen between index and web instead of equal sign

kirtakOption: D

All of them do not fulfill the request to group - A and B have wrong index syntax, C will just list a table with a single JSESSIONID which leaves D as the closest to an answer. If it was index= in A it would have been the correct answer

jb844Option: D

index=wed, not -A

StevenBzhOption: A

The 2 first have a typo, index-web should be index=web. In the real exam it is written correctly, so the correct answer is then A - using the | transaction JSESSIONID

CactiAZOption: A

It's definitely A. I think this question has a typo and the question was really supposed to start with index=web rather than index-web. No other answers fit.

Harrysa

index-web this could be a typo not sure

HarrysaOption: A

This is Def A - The Transaction command groups events

Alexi2415Option: D

the answer is D , i tried them all , D is the only one that works

UlquiorrarOption: A

only correct answers SPL don't find index- , got = it not miss typo is buggy question

Alexi2415Option: D

Answer should be D, I tried both A and D but since A index-web which is wrong

Sankardevarajan1986Option: A

Answer A typo error index=web is correct.

Dree_DoggOption: A

"View the events as a group" = transaction

Dree_DoggOption: A

A is correct "View the events as a group" = transaction

raizen11Option: A

A is the correct ans. D is giving error

JalrikOption: D

The answer is D.