Implementing DevOps Solutions and Practices Using Cisco Platforms (DEVOPS) — Question 48
How do log analysis systems such as the Elasticsearch, Logstash, and Kibana (ELK) Stack handle ingesting unstructured logs from different devices in various formats?
Answer options
- A. All devices that generate syslogs must use agents that process the local logs and transmit them in a specific format to the ELK Stack.
- B. All logs are stored in their unstructured text format, and the ELK Stack performs data analysis by intelligently parsing the logs using machine learning algorithms.
- C. All different message formats are parsed separately using custom filters, and the resulting structured data is stored for later analysis.
- D. A single, comprehensive log format is defined on the ELK Stack. All incoming logs, regardless of format, are transformed to match the comprehensive format, and only applicable fields are populated.
Correct answer: C
Explanation
Option C is correct because it accurately describes how the ELK Stack processes different message formats: each format is parsed by its own custom filter (in Logstash), and the resulting structured data is stored for later analysis. Option A is incorrect because it claims every device must run an agent, which is not a requirement. Option B misrepresents how logs are stored, since they are normally parsed into structured fields rather than kept in their original unstructured text, and option D implies that a single log format is enforced, which is not the case given the flexible, per-format parsing capabilities of the ELK Stack.