Splunk Core Certified Power User — Question 127

Which of the following can be saved as an event type?

Answer options

• A. index=server_487 sourcetype=BETA_438 code=732
• B. index=server_487 sourcetype=BETA_438 code=732 | stats count by code
• C. index=server_487 sourcetype=BETA_438 code=732 [ | inputlookup append=t servercode.csv]
• D. index=server_487 sourcetype=BETA_438 code=732 | stats where code > 200

Correct answer: A

Explanation

Option A is a straightforward search string that defines an event type without any additional commands or transformations. Options B, C, and D include commands like 'stats' or 'inputlookup', which perform operations on the data rather than defining an event type directly.