In which of the following scenarios is a subsearch the most appropriate?
In which of the following scenarios is a subsearch the most appropriate?
A subsearch is most appropriate when dynamically filtering hosts. Subsearches are useful for producing search terms for the outer search, such as finding a subset of hosts or programmatically determining the 'earliest' and 'latest' time for events. This makes them ideal for dynamically filtering data based on conditions determined at runtime.
I think B is better because: • Used to produce search terms for the outer search – Find a subset of hosts – Programmatically determine “earliest” and “latest” – Craft the main search string dynamically – Subsearches always run first, before the main search
B is correct A - You don't need subsearch to combine multiple indexes subsearches are not for larger result sets
B, page 320 SCI
B is the correct answer
Also think that the answer is "B"