Exam SPLK-1004 topic 1 question 61 discussion

Actual exam question from Splunk's SPLK-1004
Question #: 61
Topic #: 1

What is the value of base lispy in the Search Job Inspector for the search index=sales clientip=170.192.178.10?

  • A. [ index::sales 192 AND 10 AND 178 AND 170 ]
  • B. [ index::sales AND 469 10 702 390 ]
  • C. [ 192 AND 10 AND 178 AND 170 index::sales ]
  • D. [ AND 10 170 178 192 index::sales ]
Suggested Answer: D

Comments

teeec
2 weeks, 5 days ago
Selected Answer: D
Lispy sorts alphabetically and numbers from small to large.

Correct Lispy Representation: [ 10 AND 170 AND 178 AND 192 index::sales ]

Analyzing the Answer Choices:

  • A. [ index::sales 192 AND 10 AND 178 AND 170 ] – Incorrect (incorrect order, index::sales appears at the start).
  • B. [ index::sales AND 469 10 702 390 ] – Incorrect (unrelated numbers).
  • C. [ 192 AND 10 AND 178 AND 170 index::sales ] – Incorrect (order of numbers is wrong; 10 should come first).
  • D. [ AND 10 170 178 192 index::sales ] – Correct (proper ascending order and correct placement of index::sales).
upvoted 1 times
c1c8784
2 weeks, 6 days ago
Selected Answer: A
Splunk “lispy” expansions often break IP addresses into separate terms (170, 192, 178, 10) with boolean AND. The approximate structure is typically [ index::sales <term1> AND <term2> AND ... ]. (Note: the exact order of the IP terms can vary, but the key pattern is index::sales followed by each numeric chunk joined by AND.)
upvoted 1 times
Eddie_exam
3 months ago
Splunk Fundamentals 3 slide 285 also has an example of this but no explanation.
upvoted 1 times
Eddie_exam
3 months ago
Selected Answer: D
Correct answer is D. Lispy sorts alphabetically and numbers from small to large. See https://conf.splunk.com/files/2017/slides/fields-indexed-tokens-and-you.pdf
upvoted 3 times