What is the correct syntax to find events associated with a tag?
What is the correct syntax to find events associated with a tag?
The correct syntax to find events associated with a tag is tag=<value>. This syntax searches for all events that have the specified tag, regardless of the fields associated with it.
The answers here have a typo. The actual answer is A, bit with an extra colon. In the test it said tag::<field>=value, which is the correct answer.
tag::<field>=<value> I mean, that was one of the answersing possibilities in the test.
Search for tagged field values You have two ways to search for tags. To search for a tag associated with a value in any field, use the following syntax: tag=<tagname> To search for a tag associated with a value in a specific field, use the following syntax: tag::<field>=<tagname>
See link posted by ergril
https://docs.splunk.com/Documentation/Splunk/9.0.1/Knowledge/Abouttagsandaliases To search for all routers in San Francisco that are not in Building1, use the following search. tag=router tag=SF NOT (tag=Building1)
A is right
B. tags=<value> seems to be OK
No D without "s" on tag D. tag=<value>
Technically none of them are correct, there is only a single :, should be ::
I think it's D because you search for all events with that tag, regardless of the fields that are associated with that.
Answer is D. kirtak's explaination is spot on.
Correct answer is D