Exam SPLK-1005 topic 1 question 11 discussion

Actual exam question from Splunk's SPLK-1005
Question #: 11
Topic #: 1

A monitor has been created in inputs.conf for a directory that contains a mix of file types.
How would a Cloud Admin fine-tune assigned sourcetypes for different files in the directory during the input phase?

  • A. On the Indexer parsing the data, leave sourcetype as automatic for the directory monitor. Then create a props.conf that assigns a specific sourcetype by source stanza.
  • B. On the forwarder collecting the data, leave sourcetype as automatic for the directory monitor. Then create a props.conf that assigns a specific sourcetype by source stanza.
  • C. On the Indexer parsing the data, set multiple sourcetype_source attributes for the directory monitor collecting the files. Then create a props.conf that filters out unwanted files.
  • D. On the forwarder collecting the data, set multiple sourcetype_source attributes for the directory monitor collecting the files. Then create a props.conf that filters out unwanted files.
Suggested Answer: B

Comments

loopfastener
1 day, 13 hours ago
Selected Answer: B
B is the correct answer. Excerpt from Admin Manual:

    # Version 9.4.0
    #
    # This file contains possible setting/value pairs for configuring Splunk
    # software's processing properties through props.conf.
    #
    # Props.conf is commonly used for:
    #
    # * Configuring line breaking for multi-line events.
    # * Setting up character set encoding.
    # * Allowing processing of binary files.
    # * Configuring timestamp recognition.
    # * Configuring event segmentation.
    # * Overriding automated host and source type matching. You can use
    # props.conf to:
    # * Configure advanced (regular expression-based) host and source type overrides.
    # * Override source type matching for data from a particular source.
    # * Set up rule-based source type recognition.
    # * Rename source types.
upvoted 1 times
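
What option B looks like on disk, as an added example that is not part of the original question or the comment above. The directory path, file patterns and sourcetype names are constructed for illustration.

```ini
# inputs.conf on the forwarder (constructed example path).
# No sourcetype is set on the monitor, so it stays automatic for the directory.
[monitor:///var/log/myapp]
disabled = false

# props.conf on the same forwarder.
# Each [source::<pattern>] stanza assigns a sourcetype to the files it matches.
# "*" matches within one path segment; "..." recurses through subdirectories.
[source::/var/log/myapp/*.json]
sourcetype = myapp:json

[source::/var/log/myapp/audit*.log]
sourcetype = myapp:audit

[source::/var/log/myapp/.../access.log]
sourcetype = myapp:access
```

Files in the directory that match none of the source stanzas keep whatever sourcetype automatic recognition gives them, so searching the index by source after deployment shows which patterns still need a stanza.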