Splunk
SPLK-5001 · Question #27
SPLK-5001 Question #27: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-5001 to reveal the answer and full explanation for question #27. The question stem and answer options stay visible for context.
Question
An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?
Options
- Aindex=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -
- Bindex=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -
- Cindex=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -
- Dindex=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -
Unlock SPLK-5001 to see the answer
You've previewed enough free SPLK-5001 questions. Unlock SPLK-5001 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.