Exam SPLK-1002 topic 1 question 33 discussion

B can't be true, it has a malformed if statement. I think it's A & C.

AC are correct

A, C Can't be B because "if" takes 3 arguments.

I'm I the only one that see there's no "NewField" in the A search and that would likely result in the search not working. For me only C is working in terms of macro's and search. But maybe I'm wrong.

please check in splunk also

Only A works why are the others being suggested?

A and C are correct. Anyone saying C is wrong due to quotes is ignoring the fact macro's use ` ` syntax

Only A is correct B is incorrect since the if statement was malformed C is incorrect since the field value must be quoted by double-quotes, not single-quotes D is incorrect obviously

AC are correct

A and C are correct. A obviously, and C works because I just tried it

which one is the final answer friends, could you pls confirm.

A is Correct

I think the only answer is A based off what I read here: https://community.splunk.com/t5/Knowledge-Management/How-to-pass-field-values-as-macro-arguments/m-p/164018 BD are for sure incorrect (improper use of back ticks (D) and no function following stats command (B)) C however, I think is also wrong because eval evaluates mathematical, string, and boolean expressions.. therefore eval newField='makeMyField(oldField)' would take oldField as a string and not as an argument.

A, C correct answers

@kbisht : Why not C or D?

Correct ans is A