I am asking this question because I was studying one of the tutorials and the quiz question says it is NOT applicable to validate(). Based on what I understood, in() function can be used in validate(), case() and if().
I verified it by running a search. Not sure why validate() is an incorrect option. Thoughts?
I don't know where you got this limitation. It's a normal function returning boolean value and as such must be used in boolean-accepting context like eval, case or validate functions or where command.
@CyberAarI would recommend not posting Splunk quiz questions in the Community. It would be more beneficial to go through the course videos and documentation thoroughly before attempting the quiz.
Using in with case
May I know what does "not a standard function" imply? In the official tutorial, validate() function has been also explained along with if() and case(). Works similar to case() but does just the opposite of it.
Thanks for mentioning about posting the content. I have removed it.