SPLK-1001 Exam - Question 50


Which search string returns a field containing the number of matching events and names that field Event Count?

Correct Answer: B

The correct search string requires counting the number of matching events and naming that field 'Event Count'. The appropriate function to count events in Splunk is 'stats count', and to rename the resulting field, we use 'as'. Therefore, the correct search string is 'index=security failure | stats count as Event Count'.

Discussion

9 comments
shergar - Option: B
Sep 23, 2022

BY is how grouping occurs, AS renames the field. The question asks for the search string that names the number of matching events (count) Event Count.

Ufuk_Ari - Option: B
Sep 23, 2022

Definitely B

Sunsil - Option: B
Dec 19, 2022

B is the correct answer

sridevi3018 - Option: C
Oct 5, 2023

C is the correct answer...

wolfsense - Option: B
Oct 27, 2023

B has the only correct syntax that also renames the field to Event Count.

hashed_pony - Option: C
Dec 8, 2023

"stats count AS" will rename the field given, "stats count BY" will count the number of instances of the field given. Right answer is C.

Lonny - Option: B
Dec 21, 2023

It's B

b0d4564 - Option: C
Feb 20, 2024

Looks like C to me

dwuanklk - Option: B
Apr 11, 2024

B is the correct