Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Splunk Exam SPLK-1005 Topic 3 Question 1 Discussion

Actual exam question for Splunk's SPLK-1005 exam
Question #: 1
Topic #: 3
[All SPLK-1005 Questions]

A customer wants to mask unstructured data before sending it to Splunk Cloud. Where should SEBCMD be configured for this?

Show Suggested Answer Hide Answer
Suggested Answer: B

To mask unstructured data before sending it to Splunk Cloud, the SEDCMD should be configured in the props.conf file on a Heavy Forwarder. The Heavy Forwarder is responsible for data parsing and transformation before forwarding the data to Splunk Cloud. This ensures that sensitive data is masked before it reaches the indexing stage.

Splunk Documentation Reference: Using SEDCMD to Mask Data


Contribute your Thoughts:

Romana
2 days ago
I agree with Virgie, because Heavy Forwarders are responsible for data routing and transformation before sending it to the indexer.
upvoted 0 times
...
Virgie
5 days ago
I think SEBCMD should be configured in props.conf on a Heavy Forwarder.
upvoted 0 times
...

Save Cancel