Splunk Exam SPLK-1002 Topic 11 Question 71 Discussion

Actual exam question for Splunk's SPLK-1002 exam

Question #: 71
Topic #: 11

[All SPLK-1002 Questions]

Which method in the Field Extractor would extract the port number from the following event? |

10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin

ADelimiter

Brex command

CThe Field Extractor tool cannot extract regular expressions.

DRegular expression

Show Suggested Answer

Suggested Answer: B

The rex command allows you to extract fields from events using regular expressions. You can use the rex command to specify a named group that matches the port number in the event. For example:

rex '\+\+\+\+port (?\d+)'

This will create a field called port with the value 54 for the event.

The delimiter method is not suitable for this event because there is no consistent delimiter between the fields. The regular expression method is not a valid option for the Field Extractor tool. The Field Extractor tool can extract regular expressions, but it is not a method by itself.

by Caitlin at Jul 03, 2023, 04:06 PM

Limited Time Offer

25%

Off

Get Premium SPLK-1002 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!