Consider the following search:
index=web sourcetype=access_combined
The log shows several events that share the same JSESSIONID value (SD470K92802F117). View the events as a group.
From the following list, which search groups events by JSESSIONID?
How can an existing accelerated data model be edited?
When would transaction be used instead of stats?
Where are the descriptions of the data models that come with the Splunk Common Information Model (CIM) Add-on documented?
Which of the following is true about a datamodel that has been accelerated?