Splunk Core Certified Power User — Question 113

Which of the following searches will return all clientip addresses that start with 108?

Answer options

• A. ... | where (clientip, "108.%"
• B. ... | where like(clientip, "108.%")
• C. ... | where (clientip=108.%)
• D. ... | search clientip=108

Correct answer: B

Explanation

Option B is correct because the 'like' function is used to match patterns in strings, making it suitable for this search. The other options are incorrect as they either use improper syntax or do not effectively filter for the desired pattern.