Splunk Enterprise Security Certified Admin — Question 16

What is the maximum recommended volume of indexing per day, per indexer, for a non-cloud (on-prem) ES deployment?

Answer options

• A. 50 GB
• B. 100 GB
• C. 300 GB
• D. 500 MB

Correct answer: B

Explanation

The correct answer is B, 100 GB, as it is the recommended maximum for an on-prem ES deployment to ensure optimal performance and manageability. Options A, C, and D do not meet the best practices for indexing volume, either being too low or excessively high for standard operations.