Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-Splunk Fundamentals 2 Certification Prep > Module 8 Creating and Managing Fields > Flashcards

Module 8 Creating and Managing Fields Flashcards

1
Q

what are the field extractor (FX) methods?

A

Regex

Delimeter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what three options can you use to get to the field extractor?

A
  • Settings
  • Fields sidebar
  • Event actions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Prior to search time what fields are stored with the event in the index?

A

Metafields such as host, source and sourcetype

internal fields as _time and _raw

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

True or False

In addition to the auto-extracted fields you can extract your own fields

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When would you use the Regex field extraction option?

A

-when you events contains unstructured data

FX attempts to extract fields using Regex to match simliar events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When would you use the delimiter field extraction option

A
  • structured data like a csv file

- data doesn’t have headers and is separated by delimiters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

extraction names are provided by default, can these be changed?

A

yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

if you manually edit the the regular expression can you then edit in the Field Extractor UI

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

ag-Splunk Fundamentals 2 Certification Prep (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions