A search uses `transaction` with wildcard fields (e.g., `*id`), causing poor performance. What is the best practice to optimize this?
Transaction matches fields exactly; wildcards slow down because Splunk must evaluate multiple fields.
Why this answer
Option C is correct because using specific field names improves performance by avoiding wildcard matching. Option A (increase limits) doesn't address wildcard inefficiency. Option B (use stats) might help but changes approach.
Option D (regex) is not a transaction option.