This file has been manually created on a universal forwarder: /opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf [monitor:///var/log/messages] sourcetype=syslog index=syslog A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file: /opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf [monitor:///var/log/maillog] sourcetype=maillog Which file is now monitored?
A) /var/log/messages
B) /var/log/maillog
C) /var/log/maillog and /var/log/messages and
D) none of the above
Correct Answer:
Verified
Q36: When deploying apps, which attribute in the
Q37: How can native authentication be disabled in
Q38: Which configuration files are used to transform
Q39: If an update is made to an
Q40: Which is a valid stanza for a
Q42: The CLI command splunk add forward-server indexer:<receiving-port>
Q43: When does a warm bucket roll over
Q44: What is the valid option for a
Q45: Which setting in indexes.conf allows data retention
Q46: Who provides the Application Secret, Integration, and
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents