Question 1

Which method in the Field Extractor would extract the port number from the following event? |

Options :

A : Delimiter

B : rex command

C : The Field Extractor tool cannot extract regular expressions.

D : Regular expression

Answer: B

Question 2

What are the expected results for a search that contains the command | where A=B?

Options :

A : Events that contain the string value where A=B.

B : Events that contain the string value A=B.

C : Events where values of field are equal to values of field B.

D : Events where field A contains the string value B.

Answer: C

Question 3

When would transaction be used instead of stats?

Options :

A :

To group events based on a single field value.

B :

To see results of a calculation.

C :

To have a faster and more efficient search.

D :

To group events based on start/end values.

Answer: D

Question 4

Which function should you use with the transaction command to set the maximum total time between the earliest and latest events returned?

Options :

A : maxpause

B : endswith

C : maxduration

D : maxspan

Answer: D

Question 5

Field aliases are used to __________ data

Options :

A : clean

B : calculate

C : normalize

Answer: C