New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Splunk Exam SPLK-1005 Topic 3 Question 1 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 1
Topic #: 3

[All SPLK-1005 Questions]

A customer wants to mask unstructured data before sending it to Splunk Cloud. Where should SEBCMD be configured for this?

Aprops. conf on a Splunk Cloud search head,

Bprops.conf on a Heavy Forwarder.

Ctransforms, cent on a Splunk Cloud indexer.

Dprops. conf- on a Universal Forwarder.

Show Suggested Answer

Suggested Answer: B

To mask unstructured data before sending it to Splunk Cloud, the SEDCMD should be configured in the props.conf file on a Heavy Forwarder. The Heavy Forwarder is responsible for data parsing and transformation before forwarding the data to Splunk Cloud. This ensures that sensitive data is masked before it reaches the indexing stage.

Splunk Documentation Reference: Using SEDCMD to Mask Data

by Dan at Oct 19, 2024, 11:46 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Judy

1 months ago

D) props. conf on a Universal Forwarder. Universal, like my ability to confuse myself with all these options. Cheers!

upvoted 0 times

Jesusita

2 days ago

A) props. conf on a Splunk Cloud search head

upvoted 0 times

...

...

Reuben

1 months ago

B) props.conf on a Heavy Forwarder. Heavy as in, I'm heavy on the correct answers. Bring it on!

upvoted 0 times

...

Paz

1 months ago

C) transforms, cent on a Splunk Cloud indexer. Sounds like a party trick to me. Let's see if it can do the hokey-pokey too.

upvoted 0 times

Gabriele

5 days ago

D) props. conf- on a Universal Forwarder.

upvoted 0 times

...

Margarita

23 days ago

C) transforms, cent on a Splunk Cloud indexer.

upvoted 0 times

...

Matthew

26 days ago

B) props.conf on a Heavy Forwarder.

upvoted 0 times

...

Bo

1 months ago

A) props. conf on a Splunk Cloud search head.

upvoted 0 times

...

...

Sharen

2 months ago

D) props. conf on a Universal Forwarder. Universal, just like my knowledge on this topic. Boom!

upvoted 0 times

...

Ashton

2 months ago

A) props. conf on a Splunk Cloud search head. I mean, why complicate things, right? Just let the big guns handle it.

upvoted 0 times

Antonio

26 days ago

A) props. conf on a Splunk Cloud search head. It's easier to manage that way.

upvoted 0 times

...

Glory

1 months ago

B) props.conf on a Heavy Forwarder. But wouldn't it be better to do it on the search head?

upvoted 0 times

...

Paris

1 months ago

A) props. conf on a Splunk Cloud search head. I agree, keep it simple.

upvoted 0 times

...

...

Kris

2 months ago

B) props.conf on a Heavy Forwarder. That's the way to go, folks. Keep it simple, you know?

upvoted 0 times

Bettina

1 months ago

C) transforms, cent on a Splunk Cloud indexer.

upvoted 0 times

...

Cristina

1 months ago

B) props.conf on a Heavy Forwarder.

upvoted 0 times

...

Patti

2 months ago

A) props. conf on a Splunk Cloud search head.

upvoted 0 times

...

...

Romana

2 months ago

I agree with Virgie, because Heavy Forwarders are responsible for data routing and transformation before sending it to the indexer.

upvoted 0 times

...

Virgie

2 months ago

I think SEBCMD should be configured in props.conf on a Heavy Forwarder.

upvoted 0 times

...