Examice

Exam SPLK-1001 All QuestionsBrowse all questions from this exam

Go to Exam

Question 50

Which search string returns a filed containing the number of matching events and names that field Event Count?

index=security failure | stats sum as ג€Event Countג€

index=security failure | stats count as ג€Event Countג€

index=security failure | stats count by ג€Event Countג€

index=security failure | stats dc(count) as ג€Event Countג€

Correct Answer: B

The correct search string requires counting the number of matching events and naming that field 'Event Count'. The appropriate function to count events in Splunk is 'stats count', and to rename the resulting field, we use 'as'. Therefore, the correct search string is 'index=security failure | stats count as Event Count'.

Discussion

shergarOption: B

By is how grouping occurs, AS renames the field. The question ask for the search string that names the number of matching events (count) Event Count.

sridevi3018Option: C

C is the correct answer...

SunsilOption: B

B is the correct answer

Ufuk_AriOption: B

Definitely B

dwuanklkOption: B

B is the correct

b0d4564Option: C

Looks like C to me

LonnyOption: B

It's B

hashed_ponyOption: C

"stats count AS" will rename the field given, "stats count BY" will count the number of instances of the field given. Right answer is C.

wolfsenseOption: B

B has the only correct syntax that also renames the field to Event Count.