Posted by: Pdfprep
Post Date: November 9, 2020
This file has been manually created on a universal forwarder:
/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf
[monitor:///var/log/messages]
sourcetype=syslog
index=syslog
A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:
/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf
[monitor:///var/log/maillog]
sourcetype=maillog
index=syslog
Which file is now monitored?
A . /var/log/messages
B . /var/log/maillog
C . /var/log/maillogand /var/log/messages
D . none of the above
Answer: A
Explanation:
Reference:
https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Exampleaddaninputtoforwarders
Leave a Reply