Multiple Choice
A customer site is experiencing poor performance. The UI response time is high and searches take a very long time to run. Some operations time out and there are errors in the scheduler logs, indicating too many concurrent searches are being started. 6 total correlation searches are scheduled and they have already been tuned to weed out false positives. Which of the following options is most likely to help performance?
A) Change the search heads to do local indexing of summary searches.
B) Add heavy forwarders between the universal forwarders and indexers so inputs can be parsed before indexing.
C) Increase memory and CPUs on the search head(s) and add additional indexers.
D) If indexed realtime search is enabled, disable it for the notable index.
Correct Answer:
Verified
Correct Answer:
Verified
Q43: The Brute Force Access Behavior Detected correlation
Q44: What does the Security Posture dashboard display?<br>A)
Q45: What are adaptive responses triggered by?<br>A) By
Q46: ES needs to be installed on a
Q47: Which argument to the | tstats command
Q49: If a username does not match the
Q50: "10.22.63.159", "websvr4", and "00:26:08:18: CF:1D" would be
Q51: Which data model populates the panels on
Q52: Which of the following is a risk
Q53: Which correlation search feature is used to