Splunk Enterprise Security Certified Admin — Question 17
Which setting indicates that the correlation search will be executed as new events are indexed?
Answer options
- A. Always-On
- B. Real-Time
- C. Scheduled
- D. Continuous
Correct answer: B
Explanation
The correct answer is B, Real-Time, as it ensures that the correlation search processes events immediately as they are indexed. The other options (Always-On, Scheduled, and Continuous) do not guarantee immediate execution as new events are indexed.