
SPLK-1002 Question #147: Real Exam Question with Answer & Explanation

The correct answer is C: successful_purchases. This is because event types are added to events as a field named eventtype, and you can use this field as a search term to find events that match a specific event type. For example, eventtype=successful_purchases returns all events that have been categorized as successful purchases by the event type definition.

Filtering and Grouping Results

Question

Which search string would only return results for an event type called successful_purchases?

Options

  • A. tag=success ful_purchases
  • B. Event Type:: successful purchases
  • C. successful_purchases
  • D. event type--success ful_purchases

Explanation

This is because event types are added to events as a field named eventtype, and you can use this field as a search term to find events that match a specific event type. For example, eventtype=successful_purchases returns all events that have been categorized as successful purchases by the event type definition. The other options are incorrect because they either use a different field name (tag), a different syntax (Event Type:: or event type--), or have a typo (success ful_purchases). You can learn more about how to use event types in searches from the Splunk documentation.

Topics

#EventTypes #SplunkSearchLanguage(SPL) #FilteringResults #BasicSearch
