SPLK-1002 • Practice Test 36
Free SPLK-1002 practice test — 15 questions with explanations. Set 36. No signup required.
A security analyst uses Splunk to ingest firewall logs from multiple locations. The index is 'firewall' and the sourcetype is 'fw_log'. Each event contains fields: src_ip, dest_ip, action, bytes, and time. The analyst needs to find how many unique source IPs have been logged in the last hour to report potential scanning activity. The search should be efficient and accurate, returning only the total count of distinct source IPs. Which search accomplishes this?