Examice

Exam SPLK-1001 All QuestionsBrowse all questions from this exam

Go to Exam

Question 168

The better way of writing search query for index is:

index=a index=b

(index=a OR index=b)

index=(a & b)

index = a, b

Correct Answer: B

The correct way of writing a search query to include results from multiple indexes is to use the logical operator OR between the indexes. This ensures that the search query returns results that are present in either of the specified indexes. Therefore, the form (index=a OR index=b) is the appropriate choice.

Discussion

lalalandcOption: B

B is correct, page 92

Learner2022Option: B

A does not make sense according to me. Because I think that data cannot be in 2 indexes at a time. Hence A will return no results.

Learner2022

Hence B remains the only plausible answer.

yury

Could someone point out where this is documented please.

Cychick

https://github.com/subbukandula/Splunk/blob/master/Splunk%206.X%20Fundamentals%20Part%201%20(eLearning).pdf