Splunk Enterprise Security Certified Admin — Question 10

Which argument to the | tstats command restricts the search to summarized data only?

Answer options

• A. summaries=t
• B. summaries=all
• C. summariesonly=t
• D. summariesonly=all

Correct answer: C

Explanation

The correct answer is C, 'summariesonly=t', as it specifically instructs the | tstats command to return only summarized data. Option A allows summarized data but does not restrict to it, while B and D do not apply the necessary restriction to ensure only summarized data is retrieved.