Splunk Core Certified Consultant — Question 4

Which of the following statements is true about data transformations using SEDCMD?

Answer options

• A. Can only be used to mask or truncate raw data.
• B. Configured in props.conf and transforms.conf.
• C. Can be used to manipulate the sourcetype per event.
• D. Operates on a REGEX pattern match of the source, sourcetype, or host of an event.

Correct answer: A

Explanation

The correct answer, A, is accurate because SEDCMD is specifically designed for masking or truncating raw data. The other options are incorrect as they suggest capabilities that are not within the scope of SEDCMD, such as configuring in specific files or altering event sourcetypes.