Splunk Exam SPLK-1004 Topic 1 Question 6 Discussion

Actual exam question for Splunk's SPLK-1004 exam

Question #: 6
Topic #: 1

A report named "Linux logins" populates a summary index with the search string sourcetype=linux_secure| sitop src_ip user. Which of the following correctly

searches against the summary index for this data?

Aindex=summary sourcetype='linux_secure' | top src_ip user

Bindex=summary search_name='Linux logins' | top src_ip user

Cindex=summary search_name='Linux logins' | stats count by src_ip user

Dindex=summary sourcetype='linux_secure' | stats count by src_ip user

Show Suggested Answer

Suggested Answer: B

When searching against summary data in Splunk, it's common to reference the name of the saved search or report that populated the summary index. The correct search syntax to retrieve data from the summary index populated by a report named 'Linux logins' is index=summary search_name='Linux logins' | top src_ip user (Option B). This syntax uses the search_name field, which holds the name of the saved search or report that generated the summary data, allowing for precise retrieval of the intended summary data.

by Norah at Mar 09, 2024, 04:18 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!