Which of the following actions can improve overall search performance?
Which of the following actions can improve overall search performance?
To improve overall search performance, it is important to optimize the use of system resources. Reducing the frequency or schedule of lower-priority correlation searches will decrease the load on the system, allowing it to allocate more resources to higher-priority searches, thus enhancing overall performance. Disabling indexed real-time search, while potentially freeing up some resources, may not be advisable as it could impair the real-time capabilities of the system that may be necessary for certain operations. Therefore, adjusting the frequency of less critical searches is a more balanced and effective approach.
A is correct You can improve overall performance by making less critical correlation searches scheduled instead of real-time Administering Splunk Enterprise Security page 228
C is correct
please link
C is correct. Page 328 of Administering Splunk Enterprise Security "ES automatically configures Splunk to use indexed real time searching Improves concurrent real time search performance at the cost of a small delay in delivering real time results from searches Leave turned on in ES for best performance" This slide invalidates A. being the answer.
A and C are strictly true
A is totallly wrong