Examice

Exam SPLK-1001 All QuestionsBrowse all questions from this exam

Go to Exam

Question 206

Which of the following is the appropriately formatted SPL search?

index=security sourcetype=linux_secure (invalid OR failed) | count as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | stats count as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | count stats as "Potential Issues"

index=security sourcetype=linux_secure (invalid OR failed) | stats as "Potential Issues"

Correct Answer: B

The appropriately formatted SPL search is 'index=security sourcetype=linux_secure (invalid OR failed) | stats count as "Potential Issues"'. This query correctly uses the 'stats' command with 'count' to aggregate the events that meet the criteria and labels this count as 'Potential Issues'.

Discussion

UvastaOption: B

B pdf page 55

UvastaOption: A

Is it not A