Q: 1
Which of the following describes the I transaction command?
Options
Discussion
I've seen similar on the exam and official guide, I'm leaning toward A.
C is the best fit here. Transaction groups events based on shared values, but it doesn't require a minimum of two-single events can be grouped too. I think C is more accurate than A, but open to discussion if anyone disagrees.
D , A is a trap because transaction can group single events too.
C imo, since the transaction command is used to group related events by matching field values, like clientip or session. Pretty sure it's not about moving data between indexes or systems. Anyone pick something else?
Be respectful. No spam.
