Free Splunk SPLK-1002 Actual Exam Questions - Question 13 Discussion

This feels like A since custom regex is common for flexibility.

D imo, the question seems broad. While many tools do let you use your own regex, some have preset patterns and don't allow full custom regex, so it’s not always guaranteed.

B tbh, I’d say false if the question means every tool lets you use your own regex. Some extraction tools have fixed patterns or limited customization, so you can’t always write your own. It depends on the platform’s capabilities, and the question isn’t clear on that. If it’s about general practice, sure, custom regex is common, but not universally allowed. So choosing B makes sense if we consider those exceptions and restrictions in real-world tools.

Makes sense to go with A here since relying only on defaults wouldn't cover all cases. Custom regex offers needed flexibility for different field patterns. So yeah, A feels right.

A imo. You can totally use your own regex when extracting fields, it’s pretty common to customize patterns for specific data formats. The false option doesn’t make much sense since the whole point is to tailor extraction to what you need.

A