SPLK-1003 · Question #174
SPLK-1003 Question #174: Real Exam Question with Answer & Explanation
The correct answer is C: /var/log/host_460352847/bar/foo.txt. The monitor stanza in inputs.conf is used to configure Splunk to monitor files and directories for new data. The monitor stanza has the following syntax: [monitor://<input path>] The input path can be a file or a directory, and it can include wildcards () and regular expressions.
Question
Which file will be matched for the following monitor stanza in inputs. conf?
Options
- A[monitor: ///var/log/*/bar/*. txt]
- B/var/log/host_460352847/temp/bar/file/csv/foo.txt
- C/var/log/host_460352847/bar/foo.txt
- D/var/log/host_460352847/bar/file/foo.txt
- E/var/ log/ host_460352847/temp/bar/file/foo.txt
Explanation
The monitor stanza in inputs.conf is used to configure Splunk to monitor files and directories for new data. The monitor stanza has the following syntax: [monitor://<input path>] The input path can be a file or a directory, and it can include wildcards (*) and regular expressions. The wildcards match any number of characters, including none, while the regular expressions match patterns of characters. The input path is case-sensitive and must be enclosed in double quotes if it contains spaces. In this case, the input path is /var/log//bar/.txt, which means Splunk will monitor any file with the .txt extension that is located in a subdirectory named bar under the /var/log directory. The subdirectory bar can be at any level under the /var/log directory, and the * wildcard will match any characters before or after the bar and .txt parts. Therefore, the file /var/log/host_460352847/bar/file/foo.txt will be matched by the monitor stanza, as it meets the
Topics
Community Discussion
No community discussion yet for this question.