Q: 13
When extracting fields, we may choose to use our own regular expressions
Options
Discussion
Feels like False. I thought Splunk usually takes care of field extraction with its built-in tools and you don't have to mess with regex yourself most of the time. Maybe I'm missing a scenario but that's how I've done it so far. Anybody see this differently?
True
Pretty sure that's True. You can definitely write your own regex for custom field extraction in Splunk, not just use the defaults. Maybe some confusion since automatic extraction works for basics, but manual regex is allowed. Agree?
For me, that's not the case, so False. From what I've seen in official docs and practice, Splunk handles field extraction automatically for most stuff, so you don't typically have to write your own regex unless you want something custom. Check the Splunk exam guide or try some labs if you're unsure.
Be respectful. No spam.
