Which Splunk configuration file is used to enable data integrity checking?
Which Splunk configuration file is used to enable data integrity checking?
To enable data integrity checking in Splunk, the configuration file used is indexes.conf. This is where you set the enableDataIntegrityControl attribute to true for each index, which controls whether data integrity checks are performed.
C is correct https://docs.splunk.com/Documentation/Splunk/8.1.2/Security/Dataintegritycontrol#:~:text=When%20you%20enable%20data%20integrity%20control%2C%20Splunk%20Enterprise%20computes%20hashes,it%20to%20a%20l1Hashes%20file.
Agreed C. Per the provided Reference URL "To configure Data Integrity Control, edit indexes.conf to enable the enableDataIntegrityControl attributed for each index. The default value for all indexes is false (off).
I also believe the correct answer is C. https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol
option C enableDataIntegrityControl=true can be given in indexes.conf