Splunk Core Certified User — Question 189

Which search string is the most efficient?

Answer options

• A. ג€failed passwordג€
• B. ג€failed passwordג€*
• C. index=* ג€failed passwordג€
• D. index=security ג€failed passwordג€

Correct answer: D

Explanation

The correct answer is D because specifying the index as 'security' targets a specific dataset, making the search more efficient. Options A and B do not specify an index, leading to broader searches, while option C uses 'index=*', which is less efficient than targeting a specific index.