AZ-104 · Question #398
AZ-104 Question #398: Real Exam Question with Answer & Explanation
The correct answer is D: search in (Event) "error". To search a term in a specific table, add the table-name just after the search operator. There are several versions of this question in the exam. The question has two possible correct 1. Event | search "error" 2. Event | where EventType == "error" 3. search in (Event) "error" Oth
Question
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1. You need to view the error events from a table named Event. Which query should you run in Workspace1?
Options
- AGet-Event Event | where ($_.EventType -eq "error")
- BGet-Event Event | where ($_.EventType == "error")
- Csearch in (Event) * | where EventType -eq "error"
- Dsearch in (Event) "error"
- Eselect *from Event where EventType == "error"
- FEvent | where EventType is "error"
Explanation
To search a term in a specific table, add the table-name just after the search operator. There are several versions of this question in the exam. The question has two possible correct 1. Event | search "error" 2. Event | where EventType == "error" 3. search in (Event) "error" Other incorrect answer options you may see on the exam include the following: 1. Get-Event Event | where {$_.EventTye ג €"eq "error"} 2. Event | where EventType is "error" 3. search in (Event) * | where EventType ג €"eq "error" 4. select * from Event where EventType is "error" https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/search-queries https://docs.microsoft.com/en-us/azure/azure-monitor/log-query/get-started-portal https://docs.microsoft.com/en-us/azure/data- explorer/kusto/query/searchoperator?pivots=azuredataexplorer
Community Discussion
No community discussion yet for this question.