Consider the following search:
index=web sourcetype=access_combined
The log shows several events that share the same JSESSIONID value (SD421K26502F783). View the events as a group. From the following list, which search groups events by JSESSIONID?
A. index-web sourcetype=access_combined | transaction JSESSIONID | search SD42IK26502F783
B. index-web sourcetype=access_combined | highlight JSESSIONID | search SD421K26502F783
C. index=web sourcetype=access_combined SD42IK26502F783 | table JSESSIONID
D. index=web sourcetype=access_combined JSESSIONID <SD421K26502F783>
The first 2 have a typo: index-web should be index=web. In the real exam it is written correctly, so the correct answer is then A - using the | transaction JSESSIONID.
It's definitely A. I think this question has a typo and the question was really supposed to start with index=web rather than index-web. No other answers fit.
All of them do not fulfill the request to group - A and B have wrong index syntax, C will just list a table with a single JSESSIONID which leaves D as the closest to an answer. If it was index= in A it would have been the correct answer