Creating Field Extractions

Which of the following Regex operator can most severly impact performance, and may be considered "greedy"? * (asterisk) \ (backslash) . (period) + (plus sign)

* (asterisk)

Use this field extraction method when fields are separated by spaces, commas, or characters. rename field extractions regex field extractions delimited field extractions

delimited field extractions

Which of the following character delimiters are supported for a delimited field extraction? space tab pipe comma

space tab pipe comma

Which of the following statements are true about a Regex "capture"? Can be referenced with a given name using: ?<name> Allows the Regex to be case insensitive Defined with a matching parantheses: () Captures a matching pattern

Can be referenced with a given name using: ?<name> Defined with a matching parantheses: () Captures a matching pattern

True or False: Fields can be extracted only after indexing is complete.

FALSE

There are three ways to get to the Field Extractor (FX). Select all that apply. Fields sidebar Event Actions menu Auto-Extract Fields Workflow Settings menu

Fields sidebar Event Actions menu Settings menu

When using regex for field extraction, what's the first thing you have to do in the Field Extractor? Provide a Field Name Set the Extractions Name and set permissions Select a value to extract Edit the regular expression

Select a value to extract

Which of the following strings match this Regular Expression: c.t c.t cat c#t c99t

c.t cat c#t

True or False: If you manually edit the regular expression in the Field Extractor Utility then you will not be able to go back to validate the results.

TRUE