Which of the following are reasons to create separate indexes? (Choose all that apply.)
Which of the following are reasons to create separate indexes? (Choose all that apply.)
Creating separate indexes is a common practice for ensuring different retention times and restricting user permissions. Different retention times allow for customized data lifecycle management where specific data can be kept for different durations. Additionally, restricting user permissions is crucial for security and compliance, as it enables control over which users can access specific data, thereby maintaining data privacy and adherence to access policies.
D: is not specific enough in my opinion. It is not a splunk reason.
Agree, A & C
Yeah, I feel like this is AC, but D could be possible if it elaborated a little more on why.
You seperate indexes based on 3 reasons: retention policy (A), visibility (C), log format. so the answer is AC
I would say C also applies, as you can restrict roles to only have access to certain indexes.