Advanced Visualizations Mod 4

Question 1

What are some of the functions of the trendline command?

Answer 1

• Allows you to overlay a computed moving average on a chart
• Trendline computes the moving averages of a field
  example: trendline (field) [AS newfield]

Question 2

How many trendtypes are there?

Answer 2

• sma = simple moving average
• ema = exponential moving average
• wma = weighted moving average

Question 3

What must be defined in order for the trendline command to work properly?

Answer 3

The period which to compute the trend

Question 4

The period must be an integer between?

Answer 4

2 and 10,000
example:
sma2(sales) is valid
sma(sales) would fail

Question 5

When would you want to use the iplocation command?

Answer 5

To look up and add location information to an event

Question 6

What information does the iplocation command include?

Answer 6

City, country, region, latitude and longitude

Question 7

Is all the information available for all the IP address ranges?

Answer 7

NO

Question 8

What will automatically define the default lat and lon fields required by the geostats command?

Answer 8

The iplocation command

Question 9

When would you want to use the geostats command?

Answer 9

To compute statistical functions and render as cluster map

Question 10

What are some of the components fo the geostats command?

Answer 10

[latfield=string]
[lonfield=string]
[stats-agg-term]* [by-clause]

Question 11

What does the data for the geostats command have to include?

Answer 11

Latitude and Longitude values

Question 12

When would you want to change the latfield and longfield in the geostats command?

Answer 12

If they differ from the default lat and lon fields

Question 13

What are some of the ways you can control the column count when using the geostats command?

Answer 13

• On a global level, use the globallimt argument

- On a local level, depending on where your focus is (i.e., where you’ve zoomed in), use the locallimit argument

Question 14

What is a Choropleth Map?

Answer 14

It uses shading to show relative metrics, such as sales, network intruders, etc. for predefined geographic regions

Question 15

You need one of these in order to define regional boundaries?

Answer 15

• KML (keyhole Markup Language) file

- KMZ (compressed Keyhole Markup Language) file

Question 16

Splunk ships with two things to help define geographic regions, what are they?

Answer 16

• geo_us_states, United States

- geo_countries, countries of the World

Question 17

Single value visualizations formatting can set color using UI or with?

Answer 17

The gauge command

Question 18

When editing a single value visualizations what can you add to the timechart command?

Answer 18

A sparkline and a trend

Question 19

What is a sparkline and what is it designed to do?

Answer 19

A sparkline is an inline chart and designed to display time-based trends associated with the primary key

Question 20

What is a trend and where does it appear on a single value?

Answer 20

Shows the direction in which values are moving and it appears on the right of the single value

Question 21

What is something you can do from the Format Options?

Answer 21

Automatically total every column

Question 22

What are some of the downfalls when using the Format Options?

Answer 22

• Cannot indicate which column to total; all columns are always totaled
• Cannot add labels

Question 23

Using what tab in the Format Options can you use to add the percentages?

Answer 23

The summary tab

Question 24

What could you also use to get the totals other than the Format Options?

Answer 24

You can use the addtotals command

Question 25

What does the addtotals command do?

Answer 25

- Compute the sum of all or selected numeric fields for each column and place the total in the last row - Compute the sum of all or selected numeric fields for each row and place the total in the last column

Question 26

What some examples of the addtotals command syntax?

Answer 26

``` addtotals: [row=bool] [fieldname=field] [col=bool] [labelfield=field] label=string] field-list ```

Question 27

This pertains to addtotals command syntax row=true/false (default=true) "row option

Answer 27

A column is created that contains numeric totals for each tow

Question 28

This pertains to addtotals command syntax col=true/false (default=false) "column option"

Answer 28

A row is created that contains numeric totals for each column

Question 29

This pertains to addtotals command syntax fieldname=field (default=Total) "row option"

Answer 29

Defines a string used to create a field name for the totals column

Question 30

This pertains to addtotals command syntax label=string (default=Total) "column option"

Answer 30

Defines a string used to name the totals row

Question 31

This pertains to addtotals command syntax labelfield=fieldname "column option"

Answer 31

Defines where the label string is placed. (Generally, you should make this the first column)

Question 32

This pertains to addtotals command syntax field-list=one or more numeric fields (default: all numeric fields) "general options"

Answer 32

Defines the numeric fields to be totaled

Question 33

When using the addtotals command what is the argument that adds the total of the row?

Answer 33

The argument is row=t (this is the default). row=t counts the fields in each row under a column named "Total Per Product"

Question 34

When using the addtotals command what is the argument that adds the total of the columns?

Answer 34

The argument is col=t. col=t counts the fields in each row in a row named "Total Per Country"