Splunk Core Certified User — Question 169

Query - status != 100:

Answer options

• A. Will return event where status field exist but value of that field is not 100.
• B. Will return event where status field exist but value of that field is not 100 and all events where status field doesn't exist.
• C. Will get different results depending on data.

Correct answer: A

Explanation

The correct answer, A, accurately describes that the query will filter events where the status field is present and does not equal 100. Option B incorrectly states that it includes events where the status field does not exist, which is not true for this query. Option C is misleading because the query's behavior is consistent and does not vary based on data, as it strictly checks for the status value.