Which file is now monitored?

Posted by: Pdfprep Category: SPLK-1003 Tags: , ,

This file has been manually created on a universal forwarder:

/opt/splunkforwarder/etc/apps/my_TA/local/inputs.conf

[monitor:///var/log/messages]

sourcetype=syslog

index=syslog

A new Splunk admin comes in and connects the universal forwarders to a deployment server and deploys the same app with a new inputs.conf file:

/opt/splunk/etc/deployment-apps/my_TA/local/inputs.conf

[monitor:///var/log/maillog]

sourcetype=maillog

index=syslog

Which file is now monitored?
A . /var/log/messages
B . /var/log/maillog
C . /var/log/maillogand /var/log/messages
D . none of the above

Answer: A

Explanation:

Reference:

https://docs.splunk.com/Documentation/Splunk/7.3.1/Updating/Exampleaddaninputtoforwarders

Leave a Reply

Your email address will not be published.