Splunk Enterprise Certified Admin — Question 23

When the search/jobs REST endpoint is called to execute a search, what can be done to reduce the results size in the results? (Select all that apply.)

Answer options

• A. Use a generating search.
• B. Remove unneeded fields.
• C. Truncate the data, using selective functions.
• D. Summarize data, using analytic commands.

Correct answer: A, B

Explanation

Using a generating search (Option A) can help focus the results to only what's necessary, while removing unneeded fields (Option B) directly reduces the amount of data returned. Options C and D do not specifically target the reduction of result size in the same effective way as A and B.