
Splunk Exam SPLK-1001 Topic 3 Question 93 Discussion

Actual exam question for Splunk's SPLK-1001 exam
Question #: 93
Topic #: 3

Which search string returns a field containing the number of matching events and names that field Event Count?

Suggested Answer: B

Contribute your Thoughts:

Ahmad
1 month ago
I'm going with B. It's the most straightforward way to get the job done. No need to overcomplicate things.
upvoted 0 times
...
Alona
1 month ago
Haha, I bet the person who wrote option D was just trying to be fancy with that 'dc(count)' thing. Sounds like a trick question to me!
upvoted 0 times
Pearlie
1 day ago
A) index=security failure | stats sum as 'Event Count'
upvoted 0 times
...
...
Shanda
1 month ago
Option C seems a bit odd to me. Counting by 'Event Count' doesn't seem to make much sense in this context.
upvoted 0 times
...
Vanda
1 month ago
I think option B is the correct answer, as it uses the 'count' function to return the number of matching events and assigns it to the 'Event Count' field.
upvoted 0 times
Arlene
1 day ago
I agree, option B is the correct answer.
upvoted 0 times
...
...
Zona
2 months ago
I'm not sure, but I think D) index=security failure | stats dc(count) as 'Event Count' could also be correct.
upvoted 0 times
...
Caren
2 months ago
I agree with Trinidad, because 'count' is used to calculate the number of matching events.
upvoted 0 times
...
Trinidad
2 months ago
I think the answer is B) index=security failure | stats count as 'Event Count'.
upvoted 0 times
...
