BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25

- Free Preparation Discussions

Splunk Exam SPLK-1005 Topic 3 Question 1 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 1
Topic #: 3

[All SPLK-1005 Questions]

A customer wants to mask unstructured data before sending it to Splunk Cloud. Where should SEBCMD be configured for this?

Aprops. conf on a Splunk Cloud search head,

Bprops.conf on a Heavy Forwarder.

Ctransforms, cent on a Splunk Cloud indexer.

Dprops. conf- on a Universal Forwarder.

Show Suggested Answer

Suggested Answer: B

To mask unstructured data before sending it to Splunk Cloud, the SEDCMD should be configured in the props.conf file on a Heavy Forwarder. The Heavy Forwarder is responsible for data parsing and transformation before forwarding the data to Splunk Cloud. This ensures that sensitive data is masked before it reaches the indexing stage.

Splunk Documentation Reference: Using SEDCMD to Mask Data

by Dan at Oct 19, 2024, 11:46 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Reuben

16 hours ago

B) props.conf on a Heavy Forwarder. Heavy as in, I'm heavy on the correct answers. Bring it on!

upvoted 0 times

...

Paz

6 days ago

C) transforms, cent on a Splunk Cloud indexer. Sounds like a party trick to me. Let's see if it can do the hokey-pokey too.

upvoted 0 times

...

Sharen

11 days ago

D) props. conf on a Universal Forwarder. Universal, just like my knowledge on this topic. Boom!

upvoted 0 times

...

Ashton

13 days ago

A) props. conf on a Splunk Cloud search head. I mean, why complicate things, right? Just let the big guns handle it.

upvoted 0 times

Glory

19 hours ago

B) props.conf on a Heavy Forwarder. But wouldn't it be better to do it on the search head?

upvoted 0 times

...

Paris

3 days ago

A) props. conf on a Splunk Cloud search head. I agree, keep it simple.

upvoted 0 times

...

...

Kris

29 days ago

B) props.conf on a Heavy Forwarder. That's the way to go, folks. Keep it simple, you know?

upvoted 0 times

Patti

16 days ago

A) props. conf on a Splunk Cloud search head.

upvoted 0 times

...

...

Romana

1 months ago

I agree with Virgie, because Heavy Forwarders are responsible for data routing and transformation before sending it to the indexer.

upvoted 0 times

...

Virgie

1 months ago

I think SEBCMD should be configured in props.conf on a Heavy Forwarder.

upvoted 0 times

...