Splunk Exam SPLK-1002 Topic 8 Question 68 Discussion

Actual exam question for Splunk's SPLK-1002 exam

Question #: 68
Topic #: 8

What are the expected search results from executing the following SPL command?

index=network NOT StatusCode=200

AEvery event in the network index that does not have a value in this field.

BEvery event in the network index that does not contain a StatusCode of 200 and excluding events that do not have a value in this field.

CEvery event in the network index that does not contain a StatusCode of 200, including events that do not have a value in this field.

DNo results as the syntax is incorrect, the != field expression needs to be used instead of the NOT operator.

Show Suggested Answer

Suggested Answer: C

by Dominque at Apr 01, 2023, 04:08 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shanice

12 days ago

Hmm, tough one. I'm leaning towards C, but I also kind of want to pick D just to see the look on the instructor's face when they realize the syntax is actually correct. Decisions, decisions.

upvoted 0 times

...

Mee

14 days ago

I'm going with C. The question specifically says 'including events that do not have a value in this field', so that's the only option that matches.

upvoted 0 times

...

Virgilio

17 days ago

Ha! D is clearly the winner here. Whoever wrote this question must be a Splunk newbie. Everyone knows you use != for field exclusions, not the NOT operator.

upvoted 0 times

...

2 months ago

The correct answer is C. The NOT operator will include events that do not have a value in the StatusCode field, which is what the question is asking for.

upvoted 0 times

Erick

1 months ago

Actually, the correct answer is C.

upvoted 0 times

...

Adela

1 months ago

I think the answer is B.

upvoted 0 times

...