Splunk Exam SPLK-5001 Topic 1 Question 5 Discussion

Actual exam question for Splunk's SPLK-5001 exam

Question #: 5
Topic #: 1

An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?

Aindex=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts

Bindex=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts

Cindex=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts

Dindex=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts

Show Suggested Answer

Suggested Answer: C

by Ryan at Aug 23, 2024, 11:53 PM

Limited Time Offer

25%

Off

Get Premium SPLK-5001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tarra

9 months ago

Hmm, I'm not sure. D seems a bit strange - 'sum' instead of 'count'? I'm leaning towards C, but I'll double-check the docs just in case.

upvoted 0 times

...

Tammy

9 months ago

I think D is the correct answer because we need to sum the count of failed attempts by IP address.

upvoted 0 times

...

9 months ago

Option C looks good to me. The 'stats' command is perfect for aggregating the failed login attempts by IP address.

upvoted 0 times

Delfina

9 months ago

Agreed, it's perfect for aggregating the data.

upvoted 0 times

...

Gregoria

9 months ago

Yeah, the 'stats' command is great for that.

upvoted 0 times

...

Dana

9 months ago

I think option C is the way to go.

upvoted 0 times

...

Robt

9 months ago

I disagree, I believe the answer is B.

upvoted 0 times

...

Antione

9 months ago

I think the answer is C.

upvoted 0 times

...