Exam SPLK-1001
Question 165

NOT status = 100:

    Correct Answer: C

    The expression 'NOT status=100' means that it will return all events where the status field exists but the value of that field is not 100, and it will also return all events where the status field does not exist. This is consistent with how logical negation works in filtering data.
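An added example, not part of the original page or its discussion, that can be pasted into the search bar of any Splunk instance to check this behavior. It builds three constructed events (status 100, status 200, and no status field at all; the names `n` and `matched_by` are assumptions) and, going one step beyond the question, compares `NOT status=100` with `status!=100`:

```spl
| makeresults count=3
| streamstats count AS n
| eval status=case(n=1, 100, n=2, 200)
| search NOT status=100
| eval matched_by="NOT status=100"
| append
    [| makeresults count=3
     | streamstats count AS n
     | eval status=case(n=1, 100, n=2, 200)
     | search status!=100
     | eval matched_by="status!=100"]
| table matched_by n status
```

The `NOT status=100` rows include event 3, which has no status field; the `status!=100` rows contain only event 2, because `!=` matches only events where the field exists.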

Discussion
Steve2610 Option: C

NOT status=100 means, if the event doesn't have a field status, it will match.

MF55 Option: C

"If you search with the NOT operator, every event is returned except the events that contain the value you specify. This includes events that do not have a value in the field."

kiki533 Option: C

C is correct

Rider2053 Option: C

C is the right answer

sborisv Option: B

B is correct

arcsw Option: B

It's B, try it on your instance. Also, C is not correct because you're excluding a value, not the field itself, and A is not applicable because everything depends on the data.

mku Option: C

C is correct. https://docs.splunk.com/Documentation/Splunk/8.2.2/Search/NOTexpressions

arcsw

No, C is incorrect, you're only excluding a value, not the field name.