Splunk Enterprise Security Certified Analyst — Question 14

Data can be onboarded using apps, Splunk Web, or the CLI.
Which is the PS preferred method?

Answer options

• A. Create UDP input port 9997 on a UF.
• B. Use the add data wizard in Splunk Web.
• C. Use the inputs.conf file.
• D. Use a scripted input to monitor a log file.

Correct answer: C

Explanation

The correct answer is C, as using the inputs.conf file allows for detailed configuration and management of data inputs, which is preferred for its flexibility and control. Options A, B, and D are valid methods but do not offer the same level of configurability and standardization that the inputs.conf file provides.