Splunk Exam SPLK-1005 Topic 9 Question 8 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 8
Topic #: 9

[All SPLK-1005 Questions]

Which of the following is correct in regard to configuring a Universal Forwarder as an Intermediate Forwarder?

AThis can only be turned on using the Settings > Forwarding and Receiving menu in Splunk Web/UI.

BThe configuration changes can be made using Splunk Web. CU, directly in configuration files, or via a deployment app.

CThe configuration changes can be made using CU, directly in configuration files, or via a deployment app.

DIt is only possible to make this change directly in configuration files or via a deployment app.

Show Suggested Answer

Suggested Answer: B

When a directory monitor is set up with automatic sourcetyping, a user can selectively override the sourcetype assignment by configuring the props.conf file on the forwarder. The props.conf file allows you to define how data should be parsed and processed, including assigning or overriding sourcetypes for specific data inputs.

Splunk Documentation Reference: props.conf configuration

by Chaya at Dec 09, 2024, 05:34 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lovetta

3 days ago

I think the answer is B.

upvoted 0 times

...