Exam SPLK-5001 Topic 5 Question 11 Discussion
Actual exam question for Splunk's SPLK-5001 exam
Question #: 11
Topic #: 5
After discovering some events that were missed in an initial investigation, an analyst determines this is because some events have an empty src field. Instead, the required data is often captured in another field called machine_name.
What SPL could they use to find all relevant events across either field until the field extraction is fixed?
Suggested Answer: B
by Constance at Jan 25, 2025, 01:36 AM