Splunk Core Certified User — Question 202

Which search string returns a filed containing the number of matching events and names that field Event Count?

Answer options

• A. index=security failure | stats sum as ג€Event Countג€
• B. index=security failure | stats count as ג€Event Countג€
• C. index=security failure | stats count by ג€Event Countג€
• D. index=security failure | stats dc(count) as ג€Event Countג€

Correct answer: B

Explanation

The correct answer is B because the 'stats count' command calculates the total number of events, which is exactly what is needed for the Event Count field. Option A uses 'sum', which is not appropriate here as it does not count events directly. Option C incorrectly attempts to group by Event Count, which is not a valid approach for this requirement, and option D uses 'dc(count)', which counts distinct values rather than the total number of events.