Splunk IT Service Intelligence Certified Admin — Question 13

Which of the following will show all artifacts that have the term =results in a filePath CEF value?

Answer options

• A. .../rest/artifact?_query_cef__filepath__icontains="results"
• B. .../rest/artifacts/filePath="%results%"
• C. .../rest/artifacts/cef/filePath="%results%"
• D. .../rest/artifact?_filter_cef__filePath__icontains="results"

Correct answer: D

Explanation

The correct answer is D because it correctly uses the filter parameter to search for CEF artifacts with 'results' included in the filePath. Option A uses a query instead of a filter, while options B and C do not utilize the 'icontains' operator, which is necessary for a partial match search.