Q: 6
To identify all of the contributing events within a transaction that contains at least one REJECT event,
which syntax is correct?
Options
Discussion
B saw this on a Splunk practice. Filters after transaction, seems to match what they ask.
B
I don't think it's B, C has the filter but maybe a syntax issue?
My vote is it's B. The trick is the
| search REJECT part, since it keeps all events from those transactions with at least one REJECT inside. A and D don't use the right commands. Anyone pick C for any reason?B tbh. Only this one keeps all events in the transaction where REJECT shows up. The others miss that filter step.
Be respectful. No spam.
