SPLK-1003 Question #99: Real Exam Question with Answer & Explanation

The correct answer is A: host=server1. etc/system/local/ has higher precedence at index time, and for identical settings in the same file, the last one overwrites the others.

Splunk Indexing

Question

What are the values for host and index for [stanza1] used by Splunk during index time, given the following configuration files?

Options

  • A. host=server1
  • B. host=server1
  • C. host=searchsvr1
  • D. host=unixsvr1

Explanation

  • etc/system/local/ has higher precedence at index time.
  • For identical settings in the same file, the last one overwrites the others.

Topics

#Host field, #Metadata assignment, #inputs.conf, #Index time processing
