Splunk Core Certified User — Question 205

Which of the following is the most efficient search?

Answer options

• A. index=* ג€failed passwordג€
• B. ג€failed passwordג€ index=*
• C. (index=* OR index=security) ג€failed passwordג€
• D. index=security ג€failed passwordג€

Correct answer: D

Explanation

Option D is the most efficient because it specifically targets the 'security' index where the relevant data is likely to be stored, reducing the search space. Options A and B search across all indexes, which can lead to unnecessary processing of irrelevant data. Option C, while including the 'security' index, is less efficient since it also searches through all indexes, increasing the search time.