What are the required stanza attributes when configuring the transforms. conf to manipulate or remove events?

SPLK-1003 V1 0 Comments

What are the required stanza attributes when configuring the transforms. conf to manipulate or remove events?
A . REGEX, DEST. FORMAT
B . REGEX. SRC_KEY, FORMAT
C . REGEX, DEST_KEY, FORMAT
D . REGEX, DEST_KEY FORMATTING

Answer: C

Explanation:

REGEX = <regular expression>

* Enter a regular expression to operate on your data.

FORMAT = <string>

* NOTE: This option is valid for both index-time and search-time field extraction. Index-time field extraction configuration require the FORMAT settings. The FORMAT settings is optional for search-time field extraction configurations.

* This setting specifies the format of the event, including any field names or values you want to add.

DEST_KEY = <key>

* NOTE: This setting is only valid for index-time field extractions.

* Specifies where SPLUNK software stores the expanded FORMAT results in accordance with the REGEX match.

Latest SPLK-1003 Dumps Valid Version with 119 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SPLK-1003 PDF     SPLK-1003 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments