What are the default values for host, source, and sourcetype in monitored inputs of inputs.conf?

The choice indicating that the host is defined in the configuration file is correct because, in Splunk, when data is monitored through inputs.conf, there is a default behavior concerning the assignment of the host field. If the host is not explicitly set in inputs.conf, Splunk will automatically assign the hostname of the machine where the data is being collected as the default value for the host field.

This means that even if you don't configure a specific host setting, Splunk will still provide a meaningful value based on the environment, simplifying data ingest and facilitating easier identification of data sources. In contrast, the source and sourcetype do not have fixed defaults; typically, the source is derived from the file path or directory path from which data is being ingested, and sourcetype may need to be specified to correctly categorize the data's format.

Therefore, saying that “host is defined in configuration file” captures this default assignment correctly since it implies there is a method by which the host information is established, either explicitly via configuration or implicitly through the system's hostname.