Splunk Enterprise Certified Admin — Question 35

Which of the following statements describe oneshot searches? (Select all that apply.)

Answer options

• A. Are always executed asynchronously.
• B. Can specify csv as an output format.
• C. Stream all results upon search completion.
• D. Can use auto_cancel to set a timeout limit.

Correct answer: B, C

Explanation

Option B is correct because oneshot searches can indeed specify CSV as an output format. Option C is also correct as these searches stream all results once the search is completed. Options A and D are incorrect; oneshot searches do not always execute asynchronously and the auto_cancel feature is not specific to oneshot searches.