SPLK-5001 · Question #78

SPLK-5001 Question #78: Real Exam Question with Answer & Explanation

Question

An analyst is looking for known C2 communication in a few billion NetFlow records, using a query similar to the following:

    index=network sourcetype=netflow src_ip=149.151.100.4 src_port=908 protocol=ip

This query works, but due to the sheer size of the index, it is very slow. Which of the following SPL commands might the analyst use when rewriting their SPL to speed up the search?

Options

  • A. table
  • B. tstats
  • C. accelerate
  • D. lookup
