Splunk Enterprise Security Certified Admin — Question 13

Which correlation search feature is used to throttle the creation of notable events?

Answer options

• A. Schedule priority.
• B. Window interval.
• C. Window duration.
• D. Schedule window.

Correct answer: C

Explanation

The correct answer is C, Window duration, as it defines the time period during which events are considered for notable event creation, effectively throttling their generation. Options A, B, and D do not specifically address the throttling aspect; Schedule priority influences the execution order, Window interval determines the frequency of searches, and Schedule window refers to the time frame for executing the search.