Splunk Core Certified Power User SPLK-1002 Question # 85 Topic 9 Discussion

SPLK-1002 Exam Topic 9 Question 85 Discussion:

Question #: 85

Topic #: 9

To identify all of the contributing events within a transaction that contains at least one REJECT event, which syntax is correct?

Index-main | REJECT trans sessionid

Index-main | transaction sessionid | search REJECT

Index=main | transaction sessionid | whose transaction=reject

Index=main | transaction sessionid | where transaction=reject’’

Get Premium SPLK-1002 Questions

Actual exam question for Splunk SPLK-1002 exam by Kai32126 at May 4, 2026, 7:39:35 PM

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.