Free Splunk SPLK-1002 Actual Exam Questions - Question 2 Discussion

Yeah, totally agree with B here. The transaction command can get super slow when dealing with huge datasets since it tries to tie events together, which is more resource-heavy. Stats is designed for fast aggregations and works way better when you just want efficient summaries without event correlation overhead. So in large environments, B definitely makes the most sense.

Good point about scalability, B makes sense since transaction gets heavy fast.

B, stats is way more scalable in big setups than transaction.

It’s B. The stats command is generally faster and more efficient than the transaction command, especially when dealing with large datasets. Transaction can be pretty slow because it tries to group events based on related fields over time, which gets heavy in big environments. The explanation for option D seems off-transaction isn’t really about calculations, that’s usually stats territory. Would be great to see a clearer explanation for why transaction is less efficient though.