Splunk Exam SPLK-1003 Topic 8 Question 91 Discussion

Actual exam question for Splunk's SPLK-1003 exam

Question #: 91
Topic #: 8

[All SPLK-1003 Questions]

Which file will be matched for the following monitor stanza in inputs. conf?

A[monitor: ///var/log/*/bar/*. txt]

B/var/log/host_460352847/temp/bar/file/csv/foo.txt

C/var/log/host_460352847/bar/foo.txt

D/var/log/host_460352847/bar/file/foo.txt

E/var/ log/ host_460352847/temp/bar/file/foo.txt

Show Suggested Answer

Suggested Answer: C

The correct answer is C. /var/log/host_460352847/bar/file/foo.txt.

The monitor stanza in inputs.conf is used to configure Splunk to monitor files and directories for new data. The monitor stanza has the following syntax1:

[monitor://<input path>]

The input path can be a file or a directory, and it can include wildcards (*) and regular expressions. The wildcards match any number of characters, including none, while the regular expressions match patterns of characters. The input path is case-sensitive and must be enclosed in double quotes if it contains spaces1.

In this case, the input path is /var/log//bar/.txt, which means Splunk will monitor any file with the .txt extension that is located in a subdirectory named bar under the /var/log directory. The subdirectory bar can be at any level under the /var/log directory, and the * wildcard will match any characters before or after the bar and .txt parts1.

Therefore, the file /var/log/host_460352847/bar/file/foo.txt will be matched by the monitor stanza, as it meets the criteria. The other files will not be matched, because:

A) /var/log/host_460352847/temp/bar/file/csv/foo.txt has a .csv extension, not a .txt extension.

B) /var/log/host_460352847/bar/foo.txt is not located in a subdirectory under the bar directory, but directly in the bar directory.

D) /var/log/host_460352847/temp/bar/file/foo.txt is located in a subdirectory named file under the bar directory, not directly in the bar directory.

by Julieta at Jun 21, 2024, 06:29 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Annelle

4 months ago

This question is a real head-scratcher. I'm going to go with option B, just to see if I can surprise the exam grader. After all, who would expect the 'foo.txt' file to be in a 'csv' directory?

upvoted 0 times

...

Mica

4 months ago

Hah, this is a tricky one! I bet the developer who wrote this monitor stanza was having a bad day. I'm going to go with option E, just to see if I can outsmart the question writer.

upvoted 0 times

...