ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-1005 All Questions

View all questions & answers for the SPLK-1005 exam
Go to Exam

Exam SPLK-1005 topic 1 question 33 discussion

Actual exam question from Splunk's SPLK-1005
Question #: 33
Topic #: 1
[All SPLK-1005 Questions]

Which of the following methods is valid for creating index-time field extractions?

  • A. Use the UI to create a sourcetype, specify the field name and corresponding regular expression with capture statement.
  • B. Create a configuration app with the index-time props.conf and/or transforms.conf, and upload the app via UI.
  • C. Use the CLI app to define settings in fields.conf, and restart Splunk Cloud.
  • D. Use the rex command to extract the desired field, and then save as a calculated field.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pekata at April 5, 2025, 8:31 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
2dd1c50
1 day, 11 hours ago
Selected Answer: B
The correct answer is: ✅ **B. Create a configuration app with the index-time props.conf and/or transforms.conf, and upload the app via UI.** Explanation: **Index-time field extractions** are configured using: * `props.conf`: to specify when and how to apply the extraction * `transforms.conf`: to define the actual extraction logic using regex or other methods These configurations **must be deployed via an app** and, in **Splunk Cloud**, are uploaded through the UI (under **Manage Apps > Upload app**).
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel