Select the answer that displays the accurate placing of the pipe in the following search string: index=security sourcetype=access_* status=200 stats count by price
A.
index=security sourcetype=access_* status=200 stats | count by price
B.
index=security sourcetype=access_* status=200 | stats count by price
C.
index=security sourcetype=access_* status=200 | stats count | by price
D.
index=security sourcetype=access_* | status=200 | stats count by price
The correct answer is B.
The pipe in this search should be placed after the "status=200" criteria, as we want to select events where the status is 200 before we aggregate and count by price.
Option A incorrectly places the pipe after "stats", which would not filter for events with status=200 before counting.
Option C correctly uses the pipe but incorrectly places the count after the pipe instead of the stats command.
Option D incorrectly places the pipe after "index=security sourcetype=access_*", resulting in no filtering for events with status=200.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Vkah
1 week, 4 days agoJokerRWild
7 months, 2 weeks agoSlyLamp
1 year, 4 months agoamarachi_amazone
1 year, 4 months agoHUGOTE
1 year, 11 months agoAlex_Cyber_Sec
2 years, 5 months agomikelord
2 years, 6 months ago