Splunk Core Certified Power User — Question 120

What are the expected results for a search that contains the command | where A=B?

Answer options

• A. Events where field A contains the string value B.
• B. Events that contain the string value A=B.
• C. Events where values of field A are equal to values of field B.
• D. Events that contain the string value where A=B.

Correct answer: C

Explanation

The correct answer, C, accurately describes that the command filters events where the values in field A match those in field B. Options A and B misinterpret the command by focusing on string values rather than field value equality, while option D incorrectly suggests a string condition instead of a comparison of field values.