Greetings!!!
Kindly help me to more understand the purpose of fine-tune queries? based on your experience?
Dear @richgalloway Thank you so much for your response and the time,
But what I wanted to know is that in my opinion, we use search queries to fetch data from indexers, and sometimes we finetune it(or change it) based on what we want to get, like reducing the noise of false positives by getting only the information you need, I wanted to know more information about this and its explanations.
BUT I have got the link with more details and it answered my concerns:
https://docs.splunk.com/Documentation/Splunk/8.1.1/Search/Aboutoptimization
Thank you again!
Only you and/or your supervisor know why you want to do that and what you hope to gain from it.
Dear @richgalloway
Let's say like this, help me to more understand the purpose of fine-tune queries? based on your experience?
Dear @richgalloway Thank you so much for your response and the time,
But what I wanted to know is that in my opinion, we use search queries to fetch data from indexers, and sometimes we finetune it(or change it) based on what we want to get, like reducing the noise of false positives by getting only the information you need, I wanted to know more information about this and its explanations.
BUT I have got the link with more details and it answered my concerns:
https://docs.splunk.com/Documentation/Splunk/8.1.1/Search/Aboutoptimization
Thank you again!