Splunk Exam SPLK-1005 Topic 8 Question 13 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 13
Topic #: 8

[All SPLK-1005 Questions]

Which of the following statements is true about data transformations using SEDCMD?

ACan only be used to mask or truncate raw data.

BConfigured in props.conf and transform.conf.

CCan be used to manipulate the sourcetype per event.

DOperates on a REGEX pattern match of the source, sourcetype, or host of an event.

Show Suggested Answer

Suggested Answer: B

The ellipsis (...) in [monitor:///var/log/.../*.log] allows Splunk to monitor files ending in .log in all nested directories under /var/log/. [Reference: Splunk Docs on monitor stanza syntax]

by Milly at Mar 24, 2025, 04:51 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!