Creating and Managing Fields

Question 1

What are the two different methods the field extractor can use?

Answer 1

• Regular Expression
• Delimiters

Question 2

When should you use the Regular Expression method of Field Extraction?

Answer 2

The RegEx method works well when you have unstructured data and events that you want to extract fields from.

Question 3

When should you use the Delimiters method of Field Extraction?

Answer 3

The Delimiters method works well when event contain fields separated by a character.

Question 4

What are the three ways to access the Field Extractor utility?

Answer 4

1. Settings > Fields > Field Extractions
2. Field Sidebar (+Extract New Fields option below all your fields).
3. Event Actions Menu (easiest way to extract a field).

Question 5

What is the best way to see if data is getting extracted properly when using the Field Extractor?

Answer 5

Using the nonmatches button to see if there are events still. Sometimes you may need to take multiple samples for the same field.

Question 6

True of False: The Field Extractor automatically generates regex.

Answer 6

True.

Question 7

Which of the following file formats can be extracted using a delimiter field extraction?

Answer 7

CSV

Question 8

When using the Field Extractor, which delimiters will work?

Answer 8

• Spaces
• Commas
• Pipes
• Tabs
• Other Characters

Question 9

When should you use the field extractor?

Answer 9

Use FX to extract fields that are static and that you use often in searches.