Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-1002 Topic 5 Question 98 Discussion

Actual exam question for Splunk's SPLK-1002 exam
Question #: 98
Topic #: 5
[All SPLK-1002 Questions]

For the following search, which command would further filter for only IP addresses present more than five times?

Show Suggested Answer Hide Answer
Suggested Answer: A

To filter for only IP addresses that appear more than five times in the search results for index=games, you can use a combination of the stats and where commands. The stats command counts the occurrences of each IP address and assigns the count to IP_count. The where command then filters the results to include only those IP addresses with a count greater than five.

Here is how the complete search would look:

index=games | stats count as IP_count by IP | where IP_count > 5


Splunk Docs: stats command

Splunk Docs: where command

Splunk Answers: Filtering results using stats and where commands

by Madonna at Sep 15, 2024, 08:27 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Stefany
9 months ago
Haha, I'm just glad I don't have to remember all these Splunk commands. As long as it filters for the IPs I need, I'm good to go!
upvoted 0 times
...
Maricela
10 months ago
Hmm, I'm not sure. Option C looks a bit off, since 'IP > 5' doesn't seem to be checking for the count, just the value of IP. Maybe A or B are better choices.
upvoted 0 times
Ressie
8 months ago
User 3: Yeah, option C is definitely not the right choice. A or B would be better.
upvoted 0 times
...
Ona
9 months ago
User 2: I agree, option B doesn't seem to be filtering for the count specifically.
upvoted 0 times
...
Jordan
9 months ago
I think option A is correct. It uses 'stats count' to count the IP addresses.
upvoted 0 times
...
...
Doretha
10 months ago
But option B doesn't calculate the count of IP addresses, it just filters for IP_Count greater than 5. Option A is more accurate.
upvoted 0 times
...
Cathern
10 months ago
I disagree, I believe the correct answer is B) index=games | search IP_Count > 5
upvoted 0 times
...
Doretha
10 months ago
I think the answer is A) index=games I stats count as IP_count by IP B. | where IP_count > 5
upvoted 0 times
...
Richelle
10 months ago
I'm leaning towards B. The 'IP_Count > 5' part seems straightforward and gets the job done.
upvoted 0 times
Peter
9 months ago
Let's go with B then, it seems like the safest option.
upvoted 0 times
...
Vivan
9 months ago
I'm not sure, but B does seem like the most logical choice.
upvoted 0 times
...
Tommy
10 months ago
Agreed, the 'IP_Count > 5' filter is what we need.
upvoted 0 times
...
Raymon
10 months ago
I think B is the correct answer too.
upvoted 0 times
...
...
Reena
10 months ago
Option A looks good to me. The 'stats count as IP_count by IP' part should give us the count for each IP address, and then we can filter for the ones with more than 5 occurrences.
upvoted 0 times
Leah
10 months ago
Yeah, the 'stats count as IP_count by IP' part will help us filter for IP addresses with more than 5 occurrences.
upvoted 0 times
...
Geraldo
10 months ago
I think option A is the correct one.
upvoted 0 times
...
...

Save Cancel