Splunk Enterprise Security Certified Admin — Question 77

What does the summariesonly=true option do for a correlation search?

Answer options

• A. Searches only accelerated data.
• B. Forwards summary indexes to the indexing tier.
• C. Uses a default summary time range.
• D. Searches summary indexes only.

Correct answer: A

Explanation

The correct answer, A, indicates that when summariesonly=true is set, the search will target only accelerated data for efficiency. The other options describe different functionalities that do not pertain to the specific effect of the summariesonly=true parameter.