Splunk Core Certified Power User — Question 195

When using the transaction command, what does the argument maxspan do?

Answer options

• A. Sets the maximum total time between events in a transaction.
• B. Sets the maximum length of all the events within a transaction.
• C. Sets the maximum total time between the earliest and latest events in a transaction.
• D. Sets the maximum length that any single event can reach to be included in the transaction.

Correct answer: C

Explanation

The correct answer is C because the maxspan argument specifies the total time span from the first event to the last event in a transaction. Options A and B misinterpret this as relating to individual events rather than the overall span. Option D incorrectly suggests it pertains to the length of a single event, rather than the collective timing of all events.