ExamGecko
Question list
Search
Search

Question 1 - SPLK-1001 discussion

Report
Export

What is the correct syntax to count the number of events containing a vendor_action field?

A.
count stats vendor_action
Answers
A.
count stats vendor_action
B.
count stats (vendor_action)
Answers
B.
count stats (vendor_action)
C.
stats count (vendor_action)
Answers
C.
stats count (vendor_action)
D.
stats vendor_action (count)
Answers
D.
stats vendor_action (count)
Suggested answer: C

Explanation:

The stats command calculates statistics based on fields in the events. The count function counts the number of events that match the criteria. The syntax is stats count (field_name), where field_name is the name of the field that contains the value to be counted. In this case, vendor_action is the field name, so stats count (vendor_action) is the correct syntax.

Reference:Splunk Core User Certification Exam Study Guide, page 23.


asked 23/09/2024
Yves ADINGNI
37 questions
NextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first