SPLK-1003 Advanced Searching and Statistics • Set 10
SPLK-1003 Advanced Searching and Statistics Practice Test 10 — 15 questions with explanations. Free, no signup.
A security analyst is investigating a potential breach. They have a search that uses the transaction command to group events by session_id and calculates the total bytes transferred per session. However, the search takes over 30 minutes to complete on a 24-hour time range. The environment has 10 indexers with default settings. The analyst needs to reduce search time while preserving the ability to group by session_id. Which course of action should they take?