Splunk Enterprise Certified Admin Practice Test

Which of the following statements about the file monitor input is correct?

• A. It can only monitor files that are specified explicitly
• B. It does not support compressed files
• C. It monitors files recursively if a directory is specified
• D. It is limited to text files only

The correct answer is: It monitors files recursively if a directory is specified

The statement that the file monitor input monitors files recursively if a directory is specified is correct. When configuring a file monitor input in Splunk, if you set it to monitor a directory, it will automatically track not only the files directly within that directory but also any files contained within its subdirectories. This recursive monitoring allows for a comprehensive method of ingesting data, ensuring that all relevant log files or data files are captured without needing to explicitly list each one. This capability is particularly useful in environments where log files may be generated dynamically, making it easier to manage large datasets and ensuring that fresh data is continuously ingested. The other statements do not accurately represent the capabilities of the file monitor input. For instance, the input can be configured to monitor files that match certain criteria or patterns, not just explicitly specified files. While it is true that certain input configuration limits may apply, such as some processing limitations or the requirement for certain file formats, the statement that it does not support compressed files may not hold true as well, depending on the configuration and version of Splunk in use. Additionally, the file monitor input is not limited to just text files; it can also process binary files, though considerations around the type of data being ingested may apply depending on