When writing searches in Splunk, which of the following is true about Booleans?

When writing searches in Splunk, which of the following is true about Booleans?
A . They must be lowercase.
B . They must be uppercase.
C . They must be in quotations.
D . They must be in parentheses.

Answer: D

Explanation:

Reference: https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions

Subscribe
Notify of
guest
3 Comments
Inline Feedbacks
View all comments
Sunil Kuamr
Sunil Kuamr
1 year ago

Wrong Answer , The Answer is B

The Splunk search processing language (SPL) supports the Boolean operators: AND , OR , and NOT . The operators must be capitalized. T

TK
TK
4 years ago

wrong

answer is B

PC
PC
4 years ago

It should be “They must be uppercase.” (capitalized)
only NOT must be in parenthesis

https://docs.splunk.com/Documentation/Splunk/7.2.6/Search/Booleanexpressions