Creating Field Extractions

Question 1

Which of the following character delimiters are supported for a delimited field extraction?

• space
• tab
• comma
• pipe

Answer 1

space
tab
comma
pipe

Question 2

True or False. Fields can be extracted only after indexing is complete.

TRUE

FALSE

Answer 2

False

Question 3

Which of the following Regex operator can most severly impact performance, and may be considered “greedy”?

• • (asterisk)
• \ (backslash)
• • (plus sign)
• . (period)

Answer 3

* (asterisk)

Question 4

Which of the following statements are true about a Regex “capture”?

* Defined with a matching parantheses: () 
* Allows the Regex to be case insensitive 
* Captures a matching pattern 
* Can be referenced with a given name using: ?<name> 

Answer 4

* Defined with a matching parantheses: ()
* Allows the Regex to be case insensitive
* Can be referenced with a given name using: ?<name> 

Question 5

True or False: If you manually edit the regular expression in the Field Extractor Utility then you will not be able to go back to validate the results.

FALSE

TRUE

Answer 5

True

Question 6

Use this field extraction method when fields are separated by spaces, commas, or characters.

• rename field extractions
• regex field extractions
• delimited field extractions

Answer 6

delimited field extractions

Question 7

When using regex for field extraction, what’s the first thing you have to do in the Field Extractor?

• Edit the regular expression
• Select a value to extract
• Set the Extractions Name and set permissions
• Provide a Field Name

Answer 7

Select a value to extract

Question 8

Which of the following strings match this Regular Expression: c.t

• c#t
• c.t
• cat
• c99t

Answer 8

c#t
c.t
cat

Question 9

There are three ways to get to the Field Extractor (FX). Select all that apply.

• Event Actions menu
• Fields sidebar
• Auto-Extract Fields Workflow
• Settings menu

Answer 9

Event Actions menu
Fields sidebar
Settings menu