Splunk Infrastructure Overview — Question 21

Which of the following would exclude all entries contained in the lookup file baditems.csv from search results?

Answer options

• A. NOT [inputlookup baditems.csv]
• B. NOT (lookup baditems.csv OUTPUT item)
• C. WHERE item NOT IN (baditems.csv)
• D. [NOT input.lookup baditems.csv]

Correct answer: C

Explanation

The correct answer, C, uses the WHERE clause to filter out items that are present in the baditems.csv file. Options A and D use incorrect syntax for inputting lookups, while option B does not effectively exclude the entries from the search results.