SplunkSplunk
SPLK-1003 · Question #92
SPLK-1003 Question #92: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-1003 to reveal the answer and full explanation for question #92. The question stem and answer options stay visible for context.
Configuration Files
Question
Using SEDCMD in props.conf allows raw data to be modified. With the given event below, which option will mask the first three digits of the AcctID field resulting output: Event: [22/Oct/2018:15:50:21] VendorID=1234 Code=B AcctID=xxx5309
Options
- ASEDCMD-1acct = s/VendorID=\d{3}(\d{4})/VendorID=xxx/g
- BSEDCMD-xxxAcct = s/AcctID=\d{3}(\d{4})/AcctID=xxx/g
- CSEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=\1xxx/g
- DSEDCMD-1acct = s/AcctID=\d{3}(\d{4})/AcctID=xxx\1/g
Unlock SPLK-1003 to see the answer
You've previewed enough free SPLK-1003 questions. Unlock SPLK-1003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#SEDCMD#props.conf#Data Masking#Regular Expressions