Which of the following searches show a valid use of macro? (Select all that apply)

SPLK-1002 V2 0 Comments

Which of the following searches show a valid use of macro? (Select all that apply)
A . index=main source=mySource oldField=* |’makeMyField(oldField)’| table _time newField
B . index=main source=mySource oldField=* | stats if(‘makeMyField(oldField)’) | table _time newField
C . index=main source=mySource oldField=* | eval newField=’makeMyField(oldField)’| table _time newField
D . index=main source=mySource oldField=* | "’newField(‘makeMyField(oldField)’)’" | table _time newField

Answer: A, C

Explanation:

Reference: https://answers.splunk.com/answers/574643/field-showing-an-additional-and-not-visible-value-1.html

To use a macro in a search, you must enclose the macro name and any arguments in single quotation marks1. For example, ‘my_macro(arg1, arg2)’ is a valid way to use a macro with two arguments. You can use macros anywhere in your search string where you would normally use a search command or expression1. Therefore, options A and C are valid searches that use macros, while options B and D are invalid because they do not enclose the macros in single quotation marks.

Latest SPLK-1002 Dumps Valid Version with 168 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SPLK-1002 PDF     SPLK-1002 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments