Module 4: Filtering Results and Manipulating Data Flashcards
What does the eval command allow you to do?
The eval command allows you to calculate and manipulate field values in your report and it supports a variety of functions
Page 104 Mod 4
What happens if the destination field exists when using the eval command?
The values of the field are replaced by the results of eval command
Page 105 Mod 4
Is the index data modified when using the eval command?
No, the data is not modified and no new data is written into the index
Page 105 Mod 4
Are field values treated as case sensitive when using the eval command?
Yes, field values are treated in a case sensitive manner when using the eval command
Page 105 Mod 4
Three things the eval command allows you to?
- Calculate expressions
- Place the results in a field
- Use that field in searches or other expressions
Page 104 Mod 4
What are the operator types that the eval commands effects?
Arithmetic/Operators
+, -, *, /, %
Concatenation/Operators
+, .
Boolean/Operators
AND OR NOT XOR
Comparison/Operators
, <=, >=, !=, =, ==, LIKE
Page 107 Mod 4
What is another function the eval command can do to values?
It can convert values. For example, the eval command can convert bytes into megabytes
Page 108 Mod 4
The eval command must do what in order to successfully convert values?
It must be set to a new or existing field
Page 109 Mod 4
The eval command also has another function that will help readability?
The round (field/number, decimals) function sets the value of a field to the number of decimals you specify
Page 110 Mod 4
What will the result be if decimals are unspecified when using the round function in the eval command?
The result is a whole number will be present
Page 110 Mod 4
What command would you use if you wanted to remove a field in the search window?
Use the fields - command
Page 11 Mod 4
You can perform mathematical functions against fields with what when using the eval command?
You can use mathematical functions against fields with numeric field values
Page 112 Mod 4
When using the eval command, what does the tostring function allow you to do?
tostring allows you to convert a numeric field value to a string
example: tostring(field, “option”)
Page 115 Mod 4
What are some of the options of the tostring function when using the eval command?
- “commas”: applies commas. If the number includes decimals, it rounds to two decimal places
- “duration”: formats the number as “hh:mm:ss”
- “hex”: formats the number in hexadecimal
Page 115 Mod 4
When using the eval command, give a scenario where you would use the range function?
Use the range function to return the difference between the max and min values of _time
Page 116 Mod 4