Splunk Core Certified Power User — Question 132

A user runs the following search:

index=X sourcetype=Y | chart count(domain) as count, sum(price) as sum by product, action usenull useother=f

Which of the following table headers match the order this command creates?

Answer options

• A. The chart command does not allow for multiple statistical functions.
• B. Product, count: addtocart, count: remove, count: purchase, sum: addtocart, sum: remove, sum: purchase
• C. Product, sum: addtocart, sum: remove, sum: purchase, count: addtocart, count: remove, count: purchase
• D. Count: product, sum: product, count: action, sum: action

Correct answer: B

Explanation

The correct answer is B because the chart command groups data by 'product' and 'action', calculating 'count' and 'sum' for each action type. Options A, C, and D either misrepresent the order of the output or incorrectly state the capabilities of the chart command.