BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Splunk Exam SPLK-1002 Topic 11 Question 71 Discussion

Actual exam question for Splunk's SPLK-1002 exam
Question #: 71
Topic #: 11
[All SPLK-1002 Questions]

Which method in the Field Extractor would extract the port number from the following event? |

10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin

Show Suggested Answer Hide Answer
Suggested Answer: B

The rex command allows you to extract fields from events using regular expressions. You can use the rex command to specify a named group that matches the port number in the event. For example:

rex '++++port (?d+)'

This will create a field called port with the value 54 for the event.

The delimiter method is not suitable for this event because there is no consistent delimiter between the fields. The regular expression method is not a valid option for the Field Extractor tool. The Field Extractor tool can extract regular expressions, but it is not a method by itself.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel