Exam SPLK-1005 topic 1 question 31 discussion

Actual exam question from Splunk's SPLK-1005
Question #: 31
Topic #: 1

For the following data, what would be the correct attribute/value pair to use to successfully extract the correct timestamp from all the events?

  • A. TIME_FORMAT = %b %d %H:%M:%S %z
  • B. DATETIME_CONFIG = %Y-%m-%d %H:%M:%S %z
  • C. TIME_FORMAT = %b %d %H:%M:%S
  • D. DATETIME_CONFIG = %b %d %H:%M:%S
Suggested Answer: C

Comments

2dd1c50
1 day, 11 hours ago
Selected Answer: C
Let's examine the timestamp format in the events. Each log line starts like this:

```
Sep 12 06:11:58
```

This format includes:

* `%b` → abbreviated month (e.g., Sep)
* `%d` → day of the month (e.g., 12)
* `%H:%M:%S` → time in 24-hour format (e.g., 06:11:58)

✅ C. `TIME_FORMAT = %b %d %H:%M:%S`
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted