Splunk Exam SPLK-1005 Topic 12 Question 11 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 11
Topic #: 12

Given the following set of files, which of the monitor stanzas below will result in Splunk monitoring all of the files ending with .log?

Files:

/var/log/www1/secure.log

/var/log/www1/access.log

/var/log/www2/logs/secure.log

/var/log/www2/access.log

/var/log/www2/access.log.1

A[monitor:///var/log/*/*.log]

B[monitor:///var/log/.../*.log]

C[monitor:///var/log/*/*]

D[monitor:///var/log/.../*]

Show Suggested Answer

Suggested Answer: B

The ellipsis (...) in [monitor:///var/log/.../*.log] allows Splunk to monitor files ending in .log in all nested directories under /var/log/. [Reference: Splunk Docs on monitor stanza syntax]

by Lenny at Feb 08, 2025, 09:38 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Daniel

3 days ago

I think Option A is the way to go. The '/*/*.log' pattern will match all the .log files in the immediate subdirectories of /var/log.

upvoted 0 times

...

Charlie

6 days ago

I'm not sure about B. Doesn't the '...' wildcard match any number of directories? Wouldn't that potentially include more files than just the ones ending in .log?

upvoted 0 times

...

Malinda

8 days ago

But A specifies monitoring all files ending with .log in any subdirectory, while B specifies monitoring all files ending with .log in any depth of subdirectories.

upvoted 0 times

...