ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1003 All Questions

View all questions & answers for the SPLK-1003 exam
Go to Exam

Exam SPLK-1003 topic 1 question 49 discussion

Actual exam question from Splunk's SPLK-1003
Question #: 49
Topic #: 1
[All SPLK-1003 Questions]

What are the required stanza attributes when configuring the transforms.conf to manipulate or remove events?

  • A. REGEX, DEST, FORMAT
  • B. REGEX, SRC_KEY, FORMAT
  • C. REGEX, DEST_KEY, FORMAT
  • D. REGEX, DEST_KEY, FORMATTING
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Admin/Transformsconf
by amporiik at Aug. 5, 2020, 4:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amporiik
Highly Voted 2 years, 4 months ago
C. REGEX, DEST_KEY, FORMAT
upvoted 9 times
ucsdmiami2020
1 year, 2 months ago
Agreed C. Doing a Ctrl+F within the Splunk reference URL https://docs.splunk.com/Documentation/Splunk/latest/Admin/Transformsconf REGEX = <regular expression> * Enter a regular expression to operate on your data. FORMAT = <string> * NOTE: This option is valid for both index-time and search-time field extraction. Index-time field extraction configuration require the FORMAT settings. The FORMAT settings is optional for search-time field extraction configurations. * This setting specifies the format of the event, including any field names or values you want to add. DEST_KEY = <key> * NOTE: This setting is only valid for index-time field extractions. * Specifies where SPLUNK software stores the expanded FORMAT results in accordance with the REGEX match.
upvoted 2 times
...
...
Apis
Most Recent 11 months, 1 week ago
Selected Answer: C
C is correct
upvoted 1 times
...
DeltaPotato
1 year, 3 months ago
Confirming C. - Data Admin pdf, page 240-241. When SOURCE_KEY is omitted, _raw is used as default.
upvoted 1 times
...
ames
2 years, 3 months ago
Latest version https://docs.splunk.com/Documentation/Splunk/latest/Admin/Transformsconf
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel