Splunk Core Certified Power User — Question 187
Which of the following statements describe the command below? (Choose all that apply.) sourcetype=access_combined | transaction JSESSIONID
Answer options
- A. An additional field named maxspan is created.
- B. An additional field named duration is created.
- C. An additional field named eventcount is created.
- D. Events with the same JSESSIONID will be grouped together into a single event.
Correct answer: B, C, D
Explanation
The correct answer includes B, C, and D because the transaction command creates both duration and eventcount fields while grouping events with the same JSESSIONID into a single event. Option A is incorrect as maxspan is not created by this command.