Splunk Exam SPLK-1002 Topic 8 Question 68 Discussion

Actual exam question for Splunk's SPLK-1002 exam

Question #: 68
Topic #: 8

What are the expected search results from executing the following SPL command?

index=network NOT StatusCode=200

AEvery event in the network index that does not have a value in this field.

BEvery event in the network index that does not contain a StatusCode of 200 and excluding events that do not have a value in this field.

CEvery event in the network index that does not contain a StatusCode of 200, including events that do not have a value in this field.

DNo results as the syntax is incorrect, the != field expression needs to be used instead of the NOT operator.

Show Suggested Answer

Suggested Answer: C

by Dominque at Apr 01, 2023, 04:08 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shanice

8 days ago

I'm not sure, but I think D) No results as the syntax is incorrect, the != field expression needs to be used instead of the NOT operator.

upvoted 0 times

...

Lavera

10 days ago

I agree with Malcolm, because NOT excludes events with a specific value, while != excludes events with any value.

upvoted 0 times

...

Malcolm

12 days ago

I think the answer is B) Every event in the network index that does not contain a StatusCode of 200 and excluding events that do not have a value in this field.

upvoted 0 times

...

Jess

13 days ago

The correct answer is C. The NOT operator will include events that do not have a value in the StatusCode field, which is what the question is asking for.

upvoted 0 times

...