ExamGecko
Question list
Search
Search

List of questions

Search

Question 7 - SPLK-1005 discussion

Report
Export

Files from multiple systems are being stored on a centralized log server. The files are organized into directories based on the original server they came from. Which of the following is a recommended approach for correctly setting the host values based on their origin?

A.

Use the host segment, setting.

Answers
A.

Use the host segment, setting.

B.

Set host = * in the monitor stanza.

Answers
B.

Set host = * in the monitor stanza.

C.

The host value cannot be dynamically set.

Answers
C.

The host value cannot be dynamically set.

D.

Manually create a separate monitor stanza for each host, with the nose = value set.

Answers
D.

Manually create a separate monitor stanza for each host, with the nose = value set.

Suggested answer: A

Explanation:

The recommended approach for setting the host values based on their origin when files from multiple systems are stored on a centralized log server is to use the host_segment setting. This setting allows you to dynamically set the host value based on a specific segment of the file path, which can be particularly useful when organizing logs from different servers into directories.

Splunk Documentation

Reference: Inputs.conf - host_segment

asked 10/10/2024
Victor Bogdan Grecu
34 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first