Splunk Enterprise Certified Architect — Question 80

Several critical searches that were functioning correctly yesterday are not finding a lookup table today. Which log file would be the best place to start troubleshooting?

Answer options

Correct answer: C

Explanation

The correct answer is C: configuration_change.log contains records of any modifications made to the system configuration that could affect the lookup table. Of the other log files, web_access.log focuses on user access details, btool.log relates to the configuration management tool's operations, and health.log monitors system health but may not provide specific insights into configuration changes.