Splunk Core Certified User — Question 180

When is the pipe character, |, used in search strings?

Answer options

• A. Before clauses. For example: stats sum(bytes) | by host
• B. Before commands. For example: | stats sum(bytes) by host
• C. Before arguments. For example: stats sum| (bytes) by host
• D. Before functions. For example: stats |sum(bytes) by host

Correct answer: B

Explanation

The correct answer is B because the pipe character is used to pass the results of one command as input to another command in search strings. The other options are incorrect as they misplace the pipe character in contexts where it does not function as intended in a search command structure.