Splunk
SPLK-3001 Question #86: Real Exam Question with Answer & Explanation
Question
A set of correlation searches are enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives. What is a solution for this issue?
Options
- A. Suppress notable events from that correlation search.
- B. Disable acceleration for the correlation search to reduce storage requirements.
- C. Modify the correlation schedule and sensitivity for your site.
- D. Change the correlation search's default status and severity.