Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Splunk Enterprise/Cloud Administration > Module 9: Fine-tuning Inputs > Flashcards

Module 9: Fine-tuning Inputs Flashcards

1
Q

What is props.conf used for?

A
  • Props.conf is a config file that is reference through all phases of Splunk: inputs, parsing and searching
  • See props.conf.spec and props.conf.examples
  • Used for fine tuning inputs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is character encoding?

A
  • During the input phase, Splunk sets all input data to utf-8 encoding by default
  • This can be overridden if needed by setting the CHARSET attribute
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can directory monitor sourcetypes be fine tuned?

A

• When you add a directory monitor and specify a sourcetype explicitly, it applies to all files in the directory and subdirectors
• You can omit the sourcetype attribute
o Splunk tries to use automatic pre-trained rules
• You can then selectively override the sourcetype with props.conf

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Splunk Enterprise/Cloud Administration (12 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions