Windows can prevent a Splunk forwarder from reading open files. If files need to be read while they are being written to, what type of input stanza needs to be created?
Although there are only 3 ways of getting data into Splunk: Upload, Monitor, and Forward.
However, MonitorNoHandle is a specific type of Monitor input stanza used for Windows systems to handle open files being written to.
The correct answer is C. MonitorNoHandle.
MonitorNoHandle is a type of input stanza that allows a Splunk forwarder to read files on Windows systems as Windows writes to them. It does this by using a kernel-mode filter driver to capture raw data as it gets written to the file1. This input stanza is useful for files that get locked open for writing, such as the Windows DNS server log file2.
The monitor input is designed to read files, including those that are actively being written to.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
NastyNutsu
1 month, 1 week agoRayDogg
1 month, 1 week agoRoPsur
3 months, 2 weeks ago