Splunk Cloud Certified Admin — Question 13

When writing a detector with a large number of MTS, such as memory.free in a deployment with 30,000 hosts, it is possible to exceed the cap of MTS that can be contained in a single plot. Which of the choices below would most likely reduce the number of MTS below the plot cap?

Answer options

• A. Select the Shared option when creating the plot.
• B. Add a filter to narrow the scope of the measurement.
• C. Add a restricted scope adjustment to the plot.
• D. When creating the plot, add a discriminator.

Correct answer: B

Explanation

The correct answer is B because adding a filter effectively narrows down the data being collected, thus reducing the number of MTS below the cap. The other options, while applicable in different contexts, do not specifically address the need to decrease the total MTS count within the constraints of the plot.