Splunk Core Certified Power User — Question 204
Which method in the Field Extractor would extract the port number from the following event?
10/20/2022 - 125.24.20.1 ++++ port 54 - user: admin
Answer options
- A. Delimiter
- B. The Field Extractor tool cannot extract regular expressions.
- C. Regular expression
- D. rex command
Correct answer: C
Explanation
The correct answer is C: regular expressions are designed to match patterns in text, which makes them well suited to extracting a value such as the port number from this event. Option A is incorrect because splitting on a delimiter does no pattern matching, and the fields in this event are not separated by one consistent delimiter. Option B is wrong because the Field Extractor does support regular expressions. Option D names a search command, not one of the Field Extractor's extraction methods.