Splunk
SPLK-5001 · Question #25
SPLK-5001 Question #25: Real Exam Question with Answer & Explanation
Question
When threat hunting for outliers in Splunk, which of the following SPL pipelines would filter for users with over a thousand occurrences?
Options
- A. | sort by user | where count > 1000
- B. | stats count by user | where count > 1000 | sort - count
- C. | top user
- D. | stats count(user) | sort - count | where count > 1000