Which configuration file specifies sourcetype and index for logs in an application context?

Get ready for your Splunk Cloud Admin Certification Exam with engaging quizzes and detailed explanations. Test your knowledge with multiple-choice questions and explanatory flashcards to ensure you're fully prepared for exam day!

The correct answer is inputs.conf, the configuration file that defines the sourcetype and index settings for logs in an application context. The inputs.conf file is primarily responsible for data input configuration in Splunk. It specifies the data sources from which Splunk ingests logs, and it is in this file that you specify the sourcetype, which categorizes the data for correct indexing and searching.

Sourcetypes are important because they determine how Splunk parses and interprets incoming data. Specifying the sourcetype in inputs.conf ensures that logs are indexed and stored appropriately. Associating the input with the correct index also enables efficient retrieval during searches.

The other configuration files serve different purposes. The props.conf file defines properties of incoming data at a more granular level, such as data transformations, time extraction, and field aliasing, rather than direct input configurations. The outputs.conf file specifies where data should be sent after it has been processed, while transforms.conf is used for more complex data manipulations and field extraction rules. Thus, for defining where logs get indexed and which sourcetype they receive as they are ingested, inputs.conf is the appropriate configuration file.
