ExamTopics Logo
Mail Us[email protected]
Menu
Splunk Discussions
exam questions

Exam SPLK-3003 All Questions

View all questions & answers for the SPLK-3003 exam
Go to Exam

Exam SPLK-3003 topic 1 question 26 discussion

Actual exam question from Splunk's SPLK-3003
Question #: 26
Topic #: 1
[All SPLK-3003 Questions]

Consider the scenario where the /var/log directory contains the files secure, messages, cron, audit. A customer has created the following inputs.conf stanzas in the same Splunk app in order to attempt to monitor the files secure and messages:

Which file(s) will actually be actively monitored?

  • A. /var/log/secure
  • B. /var/log/messages
  • C. /var/log/messages, /var/log/cron, /var/log/audit, /var/log/secure
  • D. /var/log/secure, /var/log/messages
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by jbabbin at Jan. 10, 2021, 6:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
v12
Highly Voted 2 years, 4 months ago
if stanzas are same only the last one gets applied, see the discussions here:- https://community.splunk.com/t5/Archive/Multiple-stanza-in-inputs-conf-for-the-same-folder/m-p/353748
upvoted 8 times
...
simplekindaman
Highly Voted 2 years, 4 months ago
Agree with v12 on this one. The second stanza will override the first, and only secure will be monitored. A is correct
upvoted 7 times
...
spl_bonn
Most Recent 7 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
pepeperez
11 months, 2 weeks ago
Selected Answer: A
page 193 of SCI
upvoted 4 times
...
Redtonyeah
1 year ago
A is the correct
upvoted 1 times
...
jbabbin
2 years, 5 months ago
Also both files will be monitored , though the first stanza won't log to splunk assuming the spelling issue with the index, but will be monitored and just have the data lost/not written.
upvoted 1 times
...
jbabbin
2 years, 5 months ago
This is wrong the correct answer is D both of the files would be indexed Assuming the spelling error with the first stanza is fixed the whitelist option specifically calls out both files https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/Whitelistorblacklistspecificincomingdata
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel