C is correct. Refer Page 134 Fundamentals2

**D. Use stats when the events need to be viewed as a single correlated event.** Explanation: - The statement in option D helps a user choose between the transaction and stats commands in Splunk. - **Stats** should be used when events need to be viewed and analyzed as a whole, providing statistical summaries or calculations across events. - **Transaction** should be used when events need to be grouped together based on common characteristics or fields to analyze sequences or chains of events. Options A, B, and C provide incorrect or irrelevant information about the transaction and stats commands in Splunk. < https://shorturl.at/8Wc2o > I used ExamTOPICfor my SPLK exam and it was a good experience. The dumps were mostly accurate, but some questions were outdated.

C is the correct answer.

The transaction command in Splunk is used to group events together based on common field values, time periods, or other criteria. It's particularly useful when you have log data with related events that need to be treated as a single transaction for analysis or reporting purposes.

C is correct. D isn't correct because you would use the "transaction" command to group events as a single correlated event NOT the "stats" command as stated in the question

The correct answer is D - Splunk documentation reference https://docs.splunk.com/Documentation/SplunkCloud/latest/Search/Abouttransactions

The correct answer is D. Use stats when the events need to be viewed as a single correlated event. The transaction command is used to group events together based on common field values. It can also use more complex constraints such as the total period of the transaction, delays between events within the transaction, and required beginning and ending events. The stats command is used to calculate statistics on events grouped by one or more fields. It does not retain the raw event and other field values from the original event. The transaction command is slower than the stats command, but it is more flexible. It can be used to group events together based on more complex criteria. The stats command is faster, but it is less flexible. It can only group events together based on field values. The transaction command is limited to 1000 events. The stats command has no limit on the number of events that it can group together. If you need to view the events as a single correlated event, you should use the transaction command. If you need to calculate statistics on the events, you should use the stats command.

C is correct.

Ans is C D statement cab be corrected by replacing stats with trasnaction.... Use Transaction when the events need to be viewed as a single correlated event

As other people’s comments the limitation of events quantity is changeable by admin. I think D is much better than C, But I didn’t find evidence. We have 2 specific cases refer to use transaction better. 1.unique ID alone is not sufficient to discriminate between 2 transactions. 2. When it is desirable to see the raw text of the events combined rather than analysis on constituent fields of events.

Limit of 1,000 events per transaciton to no limits when using stats.