Which method is NOT used for field extraction in Splunk?

Prepare for the Splunk Core Certified Power User Exam with engaging quizzes featuring multiple choice questions, detailed explanations, and helpful hints. Boost your confidence and ensure success!

Field extraction in Splunk is a critical process used to identify and create fields from event data. Each of the methods mentioned has its specific use cases.

Regular expressions are a powerful way to extract fields based on patterns found in the raw event data. Users can define complex patterns to pinpoint specific values or segments of data. This is particularly useful for unstructured or semi-structured data where fields are not clearly defined.

Lookup tables enable analysts to enhance their datasets by mapping fields in their events to predefined values in external CSV files or tables. This method is effective for enriching event data with additional context, but it primarily works with existing fields rather than extracting new ones from raw data.

Search commands can also be used for field extraction. For example, the rex command lets users extract fields during a search by applying regular expressions on the fly. It is a real-time way to derive fields dynamically based on query requirements.

On the other hand, list-based extraction is not recognized as a standard method for field extraction in Splunk. This approach suggests using lists for extraction, but Splunk primarily relies on the aforementioned methods to extract fields effectively. Therefore, the identification of 'list-based extraction' as the method not used for field extraction highlights the
