Which statement correctly describes the behavior of log files configured in Splunk?

The correct statement is that inputs must be configured for logs to be captured; this accurately reflects how Splunk operates. For Splunk to collect and index log data, administrators need to set up data inputs explicitly. This configuration process defines which files or directories Splunk should monitor and under what conditions the data should be ingested.

In Splunk, inputs can be configured through various methods, including the Splunk web interface, configuration files, and monitoring filesystems. This approach ensures that the correct log data is captured and allows for customization according to the specific needs of an organization.

The other statements do not describe Splunk's functionality correctly. For instance, there is no hardcoded policy in Splunk that deletes all log files after a specific time, such as 30 days. Additionally, while Splunk can monitor files in specified directories, it does not automatically pick up every log file without a designated input configuration. Lastly, log files cannot be monitored without configuration; inputs are necessary to define what data should be collected.
