Welcome to Pass4Success


Splunk Exam SPLK-1004 Topic 1 Question 6 Discussion

Actual exam question for Splunk's SPLK-1004 exam
Question #: 6
Topic #: 1

A report named "Linux logins" populates a summary index with the search string sourcetype=linux_secure | sitop src_ip user. Which of the following correctly searches against the summary index for this data?

Suggested Answer: B

Several reports can write into the same summary index, so a search against it has to select only the events that one particular report produced. Splunk stamps every summary-indexed event with a search_name field holding the name of the saved search or report that generated it; the events are stored under the summary index's own sourcetype (stash), not the original one, so a filter such as sourcetype=linux_secure does not find them. The search that retrieves the data populated by the "Linux logins" report is therefore index=summary search_name="Linux logins" | top src_ip user (Option B). Note the pairing of commands: the report uses sitop to write the summary, and the search against the summary uses the plain top command, which reads the fields sitop wrote and returns the same result as running top over the raw events would. The report name must be enclosed in double quotes because it contains a space; in SPL, single quotes are reserved for referencing field names inside eval expressions, so search_name='Linux logins' would not match.
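For context, the configuration behind a report like this, as an added example that is not part of the exam question and not taken from Splunk's documentation: a savedsearches.conf stanza that defines the "Linux logins" report, schedules it, and turns on summary indexing so its sitop output lands in the summary index. The schedule, time window and target index name are assumptions; the matching retrieval search (Option B) is shown as a comment at the end.

```conf
# savedsearches.conf (hypothetical example stanza, not from the exam page)
# The stanza name is the report name, and Splunk writes that name into the
# search_name field of every event the report adds to the summary index.
[Linux logins]
search = sourcetype=linux_secure | sitop src_ip user
# Schedule and window are assumptions: run at the top of every hour
# over the previous whole hour, so the summary has no gaps or overlaps.
enableSched = 1
cron_schedule = 0 * * * *
dispatch.earliest_time = -1h@h
dispatch.latest_time = @h
# Enable summary indexing and name the target index (assumed to be "summary")
action.summary_index = 1
action.summary_index._name = summary

# Search against the summary index (Option B). The si- command on the
# populating side is paired with the plain command on the retrieval side,
# and search_name selects only this report's events:
#   index=summary search_name="Linux logins" | top src_ip user
```

If other reports also write to the same index, dropping the search_name filter would mix their summary events into the top calculation, which is why the filter is part of the answer rather than an optional refinement.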


Contribute your Thoughts:

Jamie
6 months ago
I agree with Lindsey, A seems like the most appropriate answer as it specifically targets the sourcetype linux_secure.
upvoted 0 times
...
Tammi
6 months ago
I disagree, I believe the correct answer is C because it uses stats count to summarize the data by src_ip and user.
upvoted 0 times
...
Lindsey
6 months ago
I think the answer is A because it directly searches for sourcetype=linux_secure in the summary index.
upvoted 0 times
...
Delisa
6 months ago
Alright, I'll trust your judgement and go with A) as well.
upvoted 0 times
...
Fredric
7 months ago
Yeah, I think sticking with A) would be the safest bet for this question.
upvoted 0 times
...
Gayla
7 months ago
I see your point, but I still believe A) is the most accurate choice.
upvoted 0 times
...
Delisa
7 months ago
I'm not sure, but I think maybe C) index=summary search_name="Linux logins" | stats count by src_ip user could also work.
upvoted 0 times
...
Fredric
7 months ago
I agree with Gayla, option A seems to be the right choice.
upvoted 0 times
...
Gayla
7 months ago
I think the correct answer is A) index=summary sourcetype="linux_secure" | top src_ip user.
upvoted 0 times
...
