Splunk Exam SPLK-1005 Topic 8 Question 13 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 13
Topic #: 8

[All SPLK-1005 Questions]

Which of the following statements is true about data transformations using SEDCMD?

ACan only be used to mask or truncate raw data.

BConfigured in props.conf and transform.conf.

CCan be used to manipulate the sourcetype per event.

DOperates on a REGEX pattern match of the source, sourcetype, or host of an event.

Show Suggested Answer

Suggested Answer: B

The ellipsis (...) in [monitor:///var/log/.../*.log] allows Splunk to monitor files ending in .log in all nested directories under /var/log/. [Reference: Splunk Docs on monitor stanza syntax]

by Milly at Mar 24, 2025, 04:51 AM

Limited Time Offer

25%

Off

Get Premium SPLK-1005 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Timothy

1 days ago

I agree with Ena, because SEDCMD is used for data transformations in Splunk.

upvoted 0 times

...

Ena

3 days ago

I think the correct answer is B) Configured in props.conf and transform.conf.

upvoted 0 times

...

Latricia

8 days ago

Option C seems to be the correct answer. SEDCMD can be used to manipulate the sourcetype per event, which is a pretty powerful feature.

upvoted 0 times

...