Exam SPLK-1002 Topic 8 Question 221 Discussion
Actual exam question for Splunk's SPLK-1002 exam
Question #: 221
Topic #: 8
Question #: 221
Topic #: 8
Which method in the Field Extractor would extract the port number from the following event? |
10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin <web error>
10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin <web error>
Suggested Answer: B Vote an answer
Explanation
The rex command allows you to extract fields from events using regular expressions. You can use the rex command to specify a named group that matches the port number in the event. For example:
rex "\+\+\+\+port (?<port>\d+)"
This will create a field called port with the value 54 for the event.
The delimiter method is not suitable for this event because there is no consistent delimiter between the fields.
The regular expression method is not a valid option for the Field Extractor tool. The Field Extractor tool can extract regular expressions, but it is not a method by itself.
Reference: 1 Splunk Core Certified Power User | Splunk
The rex command allows you to extract fields from events using regular expressions. You can use the rex command to specify a named group that matches the port number in the event. For example:
rex "\+\+\+\+port (?<port>\d+)"
This will create a field called port with the value 54 for the event.
The delimiter method is not suitable for this event because there is no consistent delimiter between the fields.
The regular expression method is not a valid option for the Field Extractor tool. The Field Extractor tool can extract regular expressions, but it is not a method by itself.
Reference: 1 Splunk Core Certified Power User | Splunk
by Betsy at Sep 05, 2025, 01:55 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).