Splunk Core Certified Advanced Power User — Question 170

A log file contains 193 days worth of timestamped events. Which monitor stanza would be used to collect data 45 days old and newer from that log file?

Answer options

• A. followTail = -45d
• B. ignore = 45d
• C. includeNewerThan = 45d
• D. ignoreOlderThan = 45d

Correct answer: D

Explanation

The correct answer is D, 'ignoreOlderThan = 45d', as it specifies that events older than 45 days should not be collected. Option A does not correctly filter the logs to only include the desired timeframe, while options B and C are not suitable for excluding older data.