SPLK-1002 Exam QuestionsBrowse all questions from this exam
Go to Exam

SPLK-1002 Exam - Question 97

Consider the following search:

index=web sourcetype=access_combined

The log shows several events that share the same JSESSIONID value (SD421K26502F783). View the events as a group.

From the following list, which search groups events by JSESSIONID?

Show Answer
Correct Answer: AD

To group events by JSESSIONID, the correct approach involves using the transaction command, which groups events that share the same field value. The correct search syntax is index=web sourcetype=access_combined | transaction JSESSIONID. This search will group all the events that share the same JSESSIONID value into a single transaction event. While there appears to be a typo in the provided option (index-web instead of index=web), the fundamental logic of using the transaction command aligns with the search requirement. Therefore, this option is correct based on its intent and functionality.

Discussion

17 comments
Sign in to comment
CookiesAreOPOption: A
Sep 19, 2022

I think the answer is A. It is the only option that groups the events.

Nerzul007Option: D
Mar 7, 2023

It can't be A as index-web is a wrong syntax

anonyuserOption: A
Oct 25, 2022

concern about a is that there is a hyphen between index and web instead of equal sign

kirtakOption: D
Apr 11, 2023

All of them do not fulfill the request to group - A and B have wrong index syntax, C will just list a table with a single JSESSIONID which leaves D as the closest to an answer. If it was index= in A it would have been the correct answer

Alexi2415Option: D
Mar 10, 2023

the answer is D , i tried them all , D is the only one that works

HarrysaOption: A
Apr 8, 2023

This is Def A - The Transaction command groups events

Harrysa
Apr 21, 2023

index-web this could be a typo not sure

CactiAZOption: A
Aug 10, 2023

It's definitely A. I think this question has a typo and the question was really supposed to start with index=web rather than index-web. No other answers fit.

StevenBzhOption: A
Oct 23, 2023

The 2 first have a typo, index-web should be index=web. In the real exam it is written correctly, so the correct answer is then A - using the | transaction JSESSIONID

jb844Option: D
Jan 12, 2024

index=wed, not -A

JalrikOption: D
Jan 19, 2023

The answer is D.

raizen11Option: A
Mar 27, 2023

A is the correct ans. D is giving error

Dree_DoggOption: A
Aug 16, 2023

"View the events as a group" = transaction

Dree_DoggOption: A
Aug 16, 2023

A is correct "View the events as a group" = transaction

Sankardevarajan1986Option: A
Dec 25, 2023

Answer A typo error index=web is correct.

Alexi2415Option: D
Feb 5, 2024

Answer should be D, I tried both A and D but since A index-web which is wrong

UlquiorrarOption: A
Mar 26, 2024

only correct answers SPL don't find index- , got = it not miss typo is buggy question