ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1003 All Questions

View all questions & answers for the SPLK-1003 exam
Go to Exam

Exam SPLK-1003 topic 1 question 164 discussion

Actual exam question from Splunk's SPLK-1003
Question #: 164
Topic #: 1
[All SPLK-1003 Questions]

What is the correct example to redact a plain-text password from raw events?

  • A. in props.conf:
    [identity]
    REGEX-redact_pw = s/password=([^,|\s]+)/####REDACTED####/g
  • B. in transforms.conf:
    [identity]
    REGEX-redact_pw = s/password=([^,|\s]+)/####REDACTED####/g
  • C. in props.conf:
    [identity]
    SEDCMD-redact_pw = s/password=([^,|\s]+)/####REDACTED####/g
  • D. in transforms.conf:
    [identity]
    SEDCMD-redact_pw = s/password=([^,|\s]+)/####REDACTED####/g
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by RyanWood21 at Aug. 28, 2024, 3:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RayDogg
1 week, 1 day ago
Selected Answer: C
I agree with C as well. SEDCMS is used in the props.conf file to accomplish this.
upvoted 1 times
...
Ziadz
4 months, 1 week ago
Selected Answer: C
SEDCMS must be used with props.conf
upvoted 1 times
...
varmaTrainer
4 months, 3 weeks ago
Selected Answer: C
Answer is C, Splunk use SEDCMD in props.conf, SEDCMD-<class> = s/<regex>/<replacement>/flags https://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedata#Select_events_to_anonymize
upvoted 1 times
...
RyanWood21
4 months, 3 weeks ago
Selected Answer: B
The transforms.conf file is used primarily for more complex data transformations, such as routing, filtering, or extracting fields. It does use REGEX directives, but these are generally applied in combination with other configurations, such as for field extractions, lookups, or routing decisions.
upvoted 2 times
RyanWood21
4 months, 3 weeks ago
Correction, I agree the Answer is C and not B. See above.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago