Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu
Splunk Discussions

Exam SPLK-1001 topic 1 question 202 discussion

Actual exam question from Splunk's SPLK-1001
Question #: 202
Topic #: 1
[All SPLK-1001 Questions]

What is the result of the following search?
index=myindex source=c:\mydata.txt NOT error=*

  • A. Only data where the value of the field error does not equal an asterisk (*) will be displayed.
  • B. Only data that does not contain the error field will be displayed.
  • C. Only data with a value in the field error will be displayed.
  • D. Only data where the error field is present and does not contain a value will be displayed.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by qtygbapjpesdayazko at Nov. 28, 2022, 4:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
lordnats
1 day, 13 hours ago
The search index=myindex source=c:\mydata.txt NOT error=* will return events from the "myindex" index, where the source is "c:\mydata.txt" and the "error" field is not present. The "NOT error=*" condition filters out events that have any value in the "error" field, leaving only events that do not contain the "error" field.
upvoted 1 times
...
Uvasta
3 months, 3 weeks ago
B pdf page 55
upvoted 1 times
...
Uvasta
3 months, 3 weeks ago
I think is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel