SPLK-1002 · Question #8
SPLK-1002 Question #8: Real Exam Question with Answer & Explanation
The correct answer is B: Creates a table of the total count of mysterymeat corndogs split by user.. The search string below creates a table of the total count of mysterymeat corndogs split by user. | stats count by user | where corndog=mysterymeat The search string does the following: It uses the stats command to calculate the count of events for each value of the user field. T
Question
What does the following search do? index=corndog type= mysterymeat action=eaten | stats count as corndog_count by user
Options
- ACreates a table of the total count of users and split by corndogs.
- BCreates a table of the total count of mysterymeat corndogs split by user.
- CCreates a table with the count of all types of corndogs eaten split by user.
- DCreates a table that groups the total number of users by vegetarian corndogs.
Explanation
The search string below creates a table of the total count of mysterymeat corndogs split by user. | stats count by user | where corndog=mysterymeat The search string does the following: It uses the stats command to calculate the count of events for each value of the user field. The stats command creates a table with two columns: user and count. It uses the where command to filter the results by the value of the corndog field. The where command only keeps the rows where corndog equals mysterymeat. Therefore, the search string creates a table of the total count of mysterymeat corndogs split by
Topics
Community Discussion
No community discussion yet for this question.