Splunk SPLK-1004 Exam - Topic 16 Question 51 Discussion

Actual exam question for Splunk's SPLK-1004 exam

Question #: 51
Topic #: 16

When working with an accelerated data model acc_datmodel and an unaccelerated data model unacc_datmodel, what tstats query could be used to search one of these data models?

A| tstats count from datamodel=acc_datmodel summariesonly=false

B| tstats count where datamodel=acc_datmodel summariesonly=false

C| tstats count where index=datamodel by index, datamodel

D| tstats count from datamodel=unacc_datmodel summariesonly=true

Show Suggested Answer

Suggested Answer: A

The tstats command in Splunk is optimized for performance and is typically used with accelerated data models. The summariesonly parameter determines whether the search should use only the summarized (accelerated) data or fall back to raw data if necessary.

Setting summariesonly=false allows the search to use both summarized and raw data, making it suitable for both accelerated and unaccelerated data models.

Setting summariesonly=true restricts the search to only summarized data, which would result in no data returned if the data model is not accelerated.

Therefore, to search an accelerated data model and allow fallback to raw data if needed, the correct query is:

| tstats count from datamodel=acc_datmodel summariesonly=false

tstats - Splunk Documentation

by Louisa at Jun 01, 2026, 12:11 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1004 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!