Examice

Exam SPLK-1001 All QuestionsBrowse all questions from this exam

Go to Exam

Question 202

What is the result of the following search?

index=myindex source=c:\mydata.txt NOT error=*

Only data where the value of the field error does not equal an asterisk (*) will be displayed.

Only data that does not contain the error field will be displayed.

Only data with a value in the field error will be displayed.

Only data where the error field is present and does not contain a value will be displayed.

Correct Answer: B

The search query index=myindex source=c:\mydata.txt NOT error=* will return events from the 'myindex' index, where the source is 'c:\mydata.txt' and the 'error' field is not present. The condition 'NOT error=*' filters out events that have any value in the 'error' field, which means it will only include events where the 'error' field does not exist.

Discussion

lordnatsOption: B

The search index=myindex source=c:\mydata.txt NOT error=* will return events from the "myindex" index, where the source is "c:\mydata.txt" and the "error" field is not present. The "NOT error=*" condition filters out events that have any value in the "error" field, leaving only events that do not contain the "error" field.

UvastaOption: B

B pdf page 55

Uvasta

I think is correct