A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out, and there are errors in the scheduler logs indicating that too many concurrent searches are being started. A total of 6 correlation searches are scheduled, and they have already been tuned to weed out false positives. Which of the following options is most likely to help performance?
What should be used to map a non-standard field name to a CIM field name?
Which of the following lookup types in Enterprise Security contains information about known hostile IP addresses?
A set of correlation searches is enabled at a new ES installation, and results are being monitored. One of the correlation searches is generating many notable events which, when evaluated, are determined to be false positives. What is a solution for this issue?
Which of the following steps will make the Threat Activity dashboard the default landing page in ES?
When using distributed configuration management to create the Splunk_TA_ForIndexers package, which three files can be included?