SPLK-1002 Question #97: Real Exam Question with Answer & Explanation

The correct answer is C: There is a 1000 event limitation with the transaction command.. One of the statements that would help a user choose between the transaction and stats commands is that there is a 1000 event limitation with the transaction command. The transaction command is used to group events that share a common value for one or more fields into transactions

Correlating Events

Question

Which of the following statements would help a user choose between the transaction and stats commands?

Options

Astate can only group events using IP addresses.
BThe transaction command is faster and more efficient.
CThere is a 1000 event limitation with the transaction command.
DUse state when the events need to be viewed as a single event.

Explanation

One of the statements that would help a user choose between the transaction and stats commands is that there is a 1000 event limitation with the transaction command. The transaction command is used to group events that share a common value for one or more fields into transactions. The transaction command has a default limit of 1000 events per transaction, which means that it will not group more than 1000 events into a single transaction. This limit can be changed by using the maxevents parameter, but it can affect the performance and memory usage of Splunk. Therefore, option C is correct, while options A, B and D are incorrect because they are not statements that would help a user choose between the transaction and stats commands.

Topics

#transaction command#stats command#event correlation#command limitations

Community Discussion

No community discussion yet for this question.

Full SPLK-1002 Practice Browse All SPLK-1002 Questions