Splunk Core Certified User — Question 17

Which search will return only events containing the word `error` and display the results as a table that includes the fields named action, src, and dest?

Answer options

• A. error | table action, src, dest
• B. error | tabular action, src, dest
• C. error | stats table action, src, dest
• D. error | table column=action column=src column=dest

Correct answer: A

Explanation

Option A is correct because it uses the correct syntax to filter for `error` and format the output as a table with the specified fields. Option B is incorrect as it uses 'tabular' which is not a valid command for creating a table in this context. Option C incorrectly uses 'stats' which is meant for statistical calculations rather than formatting output as a table. Option D misuses the 'column=' syntax which is not required for the 'table' command.