Splunk Core Certified Power User — Question 81

Given the following eval statement:

... | eval field1 = if(isnotnull(fieid1),field1,0), field2 = if(isnull
Which of the following is the equivalent using fillnull?

Answer options

• A. There is no equivalent expression using fillnull
• B. ... | fillnull values=(0,"NO-VALUE") fields=(field1,field2)
• C. ... | fillnull field1|' fillnull value="NO-VALUE" field2
• D. ... | fillnull value=0 field1 | fillnull field2

Correct answer: C

Explanation

Option C is the correct answer because it effectively replaces null values for both field1 and field2, aligning with the original eval statement's intent. The other options either do not provide equivalent functionality or incorrectly format the fillnull command.