Splunk Core Certified User — Question 143

What are the two most efficient search filters?

Answer options

• A. _time and host
• B. _time and index
• C. host and sourcetype
• D. index and sourcetype

Correct answer: B

Explanation

The correct answer is B, as using _time and index together allows for highly efficient searches by narrowing down the time range and the specific data source. Options A, C, and D, while useful, do not provide the same level of efficiency when searching through large datasets.