BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-1005 Topic 5 Question 4 Discussion

Actual exam question for Splunk's SPLK-1005 exam
Question #: 4
Topic #: 5
[All SPLK-1005 Questions]

When adding a directory monitor and specifying a sourcetype explicitly, it applies to all files in the directory and subdirectories. If automatic sourcetyping is used, a user can selectively override it in which file on the forwarder?

Show Suggested Answer Hide Answer
Suggested Answer: B

When a directory monitor is set up with automatic sourcetyping, a user can selectively override the sourcetype assignment by configuring the props.conf file on the forwarder. The props.conf file allows you to define how data should be parsed and processed, including assigning or overriding sourcetypes for specific data inputs.

Splunk Documentation Reference: props.conf configuration


by Nickolas at Oct 23, 2024, 12:20 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Madelyn
3 days ago
Hmm, I was thinking C) inputs.conf, but now I'm not so sure. This question is tricky!
upvoted 0 times
...
Yun
8 days ago
I'm pretty sure the answer is B) props.conf, since that's where you can override the sourcetype settings.
upvoted 0 times
...
Amina
21 days ago
I agree with Gail, inputs.conf is the correct answer for selectively overriding automatic sourcetyping.
upvoted 0 times
...
Gail
23 days ago
I think the answer is C) inputs.conf because it allows us to override automatic sourcetyping.
upvoted 0 times
...

Save Cancel