Splunk Core Certified Advanced Power User — Question 5

During search time, which directory of configuration files has the highest precedence?

Answer options

• A. $SPLUNK_HOME/etc/system/local
• B. $SPLUNK_HOME/etc/system/default
• C. $SPLUNK_HOME/etc/apps/app1/local
• D. $SPLUNK_HOME/etc/users/admin/local

Correct answer: C

Explanation

The directory $SPLUNK_HOME/etc/apps/app1/local has the highest precedence during search time because it allows for app-specific overrides. Other directories, such as $SPLUNK_HOME/etc/system/local and $SPLUNK_HOME/etc/system/default, rank lower in the precedence hierarchy, making their configurations less impactful than those in the app-specific local directory.