Which of the following statements is true, especially in large environments?

A. Use the stats command when you need to group events by two or more fields.
B. The stats command is faster and more efficient than the transaction command.
C. The transaction command is faster and more efficient than the stats command.
D. Use the transaction command when you want to see the results of a calculation.

Answer: B

Explanation:

Reference: https://answers.splunk.com/answers/103/transaction-vs-stats-commands.html

The stats command is faster and more efficient than the transaction command, especially in large environments. The stats command is used to calculate summary statistics on the events, such as count, sum, average, etc. The stats command can group events by one or more fields or by time buckets. The stats command does not create new events from groups of events, but rather creates new fields with statistical values.

The transaction command is used to group events into transactions based on some common characteristics, such as fields, time, or both. The transaction command creates new events from groups of events that share one or more fields. The transaction command also creates some additional fields for each transaction, such as duration, eventcount, startime, etc. The transaction command is slower and more resource-intensive than the stats command because it has to process more data and create more events and fields.
