A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchase/transactions. log that has the following format:

SPLK-1005 V2 0 Comments

A user has been asked to mask some sensitive data without tampering with the structure of the file /var/log/purchase/transactions. log that has the following format:

A)

B)

C)

D)

A . Option A
B . Option B
C . Option C
D . Option D

Answer: B

Explanation:

Option B is the correct approach because it properly uses a TRANSFORMS stanza in props.conf to reference the transforms.conf for removing sensitive data. The transforms stanza in transforms.conf uses a regular expression (REGEX) to locate the sensitive data (in this case, the SuperSecretNumber) and replaces it with a masked version using the FORMAT directive. In detail:

props.conf refers to the transforms.conf stanza remove_sensitive_data by setting TRANSFORMS-cleanup = remove_sensitive_data.

transforms.conf defines the regular expression that matches the sensitive data and specifies how the sensitive data should be replaced in the FORMAT directive.

This approach ensures that sensitive information is masked before indexing without altering the structure of the log files.

Splunk Cloud

Reference: For further reference, you can look at Splunk’s documentation regarding data masking and transformation through props.conf and transforms.conf. Source:

Splunk Docs: Anonymize data

Splunk Docs: Props.conf and Transforms.conf

Latest SPLK-1005 Dumps Valid Version with 73 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SPLK-1005 PDF     SPLK-1005 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments