Exam SPLK-1005 Topic 1 Question 42 Discussion

Actual exam question for Splunk's SPLK-1005 exam
Question #: 42
Topic #: 1
Consider the following configurations:

What is the value of the sourcetype property for this stanza based on Splunk's configuration file precedence?

Suggested Answer: C

When there are conflicting configurations in Splunk, the platform resolves them based on the configuration file precedence rules. These rules dictate which settings are applied based on the hierarchy of the configuration files.
In the provided configurations:
* The first configuration in $SPLUNK_HOME/etc/apps/unix/local/inputs.conf sets the sourcetype to access_combined.
* The second configuration in $SPLUNK_HOME/etc/apps/search/local/inputs.conf sets the sourcetype to linux_secure.
Configuration File Precedence:
* In Splunk, configurations in local directories take precedence over those in default.
* If two configurations are in local directories of different apps, the alphabetical order of the app names determines the precedence.
Since "search" comes after "unix" alphabetically, the configuration in $SPLUNK_HOME/etc/apps/search/local/inputs.conf will take precedence.
Therefore, the value of the sourcetype property for this stanza is linux_secure.
Splunk Documentation References:
* Configuration File Precedence
* Resolving Conflicts in Splunk Configurations
This confirms that the correct answer is C. linux_secure.

by Zona at Oct 14, 2024, 09:44 PM
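
The precedence question above, worked through as an added example (not part of the original post or Splunk's own code). It applies Splunk's documented global-context order: system local, app local, app default, system default, with app directory names compared in ASCII order and the earlier name taking priority. The stanza header, the `index` line and the relative paths are constructed, since the question's configurations are not reproduced on the page.

```python
import re

# Constructed sample input: the stanza header and the index line are assumptions;
# only the two app paths and the sourcetype values come from the question above.
STANZA = "monitor:///var/log/example.log"
FILES = {
    "etc/apps/unix/local/inputs.conf":
        "[monitor:///var/log/example.log]\nsourcetype = access_combined\nindex = main\n",
    "etc/apps/search/local/inputs.conf":
        "[monitor:///var/log/example.log]\nsourcetype = linux_secure\n",
}

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def rank(path):
    """Sort key for global context: the lowest tuple has the highest priority."""
    parts = path.split("/")
    if parts[:2] == ["etc", "system"]:
        return (0 if parts[2] == "local" else 3, "")
    app, layer = parts[2], parts[3]          # etc/apps/<app>/<local|default>/...
    # Python compares str by code point, which equals ASCII order for ASCII names.
    return (1 if layer == "local" else 2, app)

def resolve(files, stanza):
    """Merge per setting; return {key: (value, path of the file that won)}."""
    effective = {}
    for path in sorted(files, key=rank):
        for key, value in parse_conf(files[path]).get(stanza, {}).items():
            effective.setdefault(key, (value, path))  # first (highest) writer wins
    return effective

if __name__ == "__main__":
    for key, (value, path) in resolve(FILES, STANZA).items():
        print(f"{path}: {key} = {value}")
```

On a real instance, `splunk btool inputs list --debug` prints the merged settings together with the file each one came from, which is the check to run before trusting a sourcetype assignment.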
