New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Splunk Exam SPLK-1005 Topic 9 Question 8 Discussion

Actual exam question for Splunk's SPLK-1005 exam
Question #: 8
Topic #: 9
[All SPLK-1005 Questions]

When adding a directory monitor and specifying a sourcetype explicitly, it applies to all files in the directory and subdirectories. If automatic sourcetyping is used, a user can selectively override it in which file on the forwarder?

Show Suggested Answer Hide Answer
Suggested Answer: B

When a directory monitor is set up with automatic sourcetyping, a user can selectively override the sourcetype assignment by configuring the props.conf file on the forwarder. The props.conf file allows you to define how data should be parsed and processed, including assigning or overriding sourcetypes for specific data inputs.

Splunk Documentation Reference: props.conf configuration


by Chaya at Dec 09, 2024, 05:34 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lashaunda
2 days ago
I was just about to say props.conf! That's where you can override the automatic sourcetyping, right?
upvoted 0 times
...
Delmy
14 days ago
I'm not sure, but I think transforms.conf is used for field extractions and props.conf is for sourcetype settings.
upvoted 0 times
...
Johnetta
15 days ago
I agree with Alexia, inputs.conf allows for selective override of automatic sourcetyping.
upvoted 0 times
...
Alexia
18 days ago
I think the answer is C) inputs.conf.
upvoted 0 times
...
Ethan
18 days ago
Definitely props.conf. That's where the magic happens when it comes to configuring file inputs.
upvoted 0 times
Willodean
4 days ago
A) transforms.conf
upvoted 0 times
...
...
Eric
20 days ago
I'm pretty sure it's props.conf. That's where we define our sourcetypes and other file-level settings.
upvoted 0 times
Yuki
2 days ago
B) props.conf
upvoted 0 times
...
Olga
10 days ago
A) transforms.conf
upvoted 0 times
...
...

Save Cancel