Splunk Infrastructure Overview — Question 49

What is the recommended way to create a field extraction that is both persistent and precise?

Answer options

• A. Use the rex command.
• B. Use the Field Extractor and manually edit the generated regular expression.
• C. Use the Field Extractor and let it automatically generate a regular expression.
• D. Use the erex command.

Correct answer: B

Explanation

The correct answer is B because manually editing the regular expression after using the Field Extractor ensures both precision and persistence tailored to specific data needs. Option A, using the rex command, does not guarantee persistence as it is often transient. Option C relies on automation, which may not yield the most accurate or long-lasting results. Option D, the erex command, is not the best choice for creating persistent field extractions.