Which argument to the | tstats command restricts the search to summarized data only?
Which argument to the | tstats command restricts the search to summarized data only?
The argument used to restrict the search to summarized data only in the | tstats command is 'summariesonly=t'. This argument tells Splunk to use only the summarized data from accelerated data models. This ensures that the search results are generated from the summary data, which is usually faster than searching raw data.
Answer is C https://docs.splunk.com/Documentation/Splunk/8.1.2/SearchReference/Tstats - Uses the summariesonly argument to get the time range of the summary for an accelerated data model named mydm. - | tstats summariesonly=t min(_time) AS min, max(_time) AS max FROM datamodel=mydm
C is correct