SplunkSplunk
SPLK-1002 · Question #53
SPLK-1002 Question #53: Real Exam Question with Answer & Explanation
The correct answer is C: sourcetype=access_* | stats max(bytes). See the full explanation below for the reasoning.
Basic Transforming Commands
Question
Which of the following commands will show the maximum bytes?
Options
- Asourcetype=access_* | maximum totals by bytes
- Bsourcetype=access_* | avg (bytes)
- Csourcetype=access_* | stats max(bytes)
- Dsourcetype=access_* | max(bytes)
Topics
#Splunk Search Language#stats command#aggregation functions#max function
Community Discussion
No community discussion yet for this question.