Module 2: Using Transforming Commands for Visualizations Flashcards

  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts
  • Create and format timecharts
  • Explain when to use each type of reporting command

1
Q

When a search returns statistical values, results can be viewed with a wide variety of visualization types

A
  • statistics table
  • charts: line, column, pie, etc
  • single value, gauges
  • maps
  • many more

Page 36 Mod 2

2
Q

A ____ is a sequence of related data points that are plotted in a visualization.

A

Data series

Page 37 Mod 2

3
Q

True or False: Data series can generate any statistical or visualization results.

A

True

Page 37 Mod 2

4
Q

True or False: Most visualizations require a single series table. (Search results structured as a table with at least two columns).

A

True

  • leftmost column provides x-axis values
  • subsequent columns provide numeric y-axis values for each series in the chart

Page 38 Mod 2

5
Q

To get multi-series tables, you need to set up the underlying search with reporting search commands like ___ or ____

A

chart or timechart

Page 39 Mod 2

6
Q

What does a Time series do?

A

Displays statistical trends over time
*can be single-series or multi-series

Page 40 Mod 2

7
Q

What are the 7 chart types?

A
Line
Area
Column
Bar
Bubble
Scatter
Pie

Page 41 Mod 2

8
Q

What does a scatter chart show?

A

It shows trends in the relationships between discrete data values
*generally, it shows discrete values that do not occur at regular intervals or belong to a series

Page 48 Mod 2

9
Q

What does a bubble chart require?

A

2 split by fields and 3 statistics:

  • 1 for x-axis
  • 1 for y-axis
  • 1 that determines size of the bubble

Page 49 Mod 2

10
Q

For line, area, and column charts, where does the x-axis lie?

A

Horizontal

Page 42-46 Mod 2

11
Q

Where does the x-axis lie in a bar chart?

A

Vertical

Page 46 Mod 2

12
Q

What does the chart command do?

A

It displays any data series plotted across one or two dimensions.

Page 50 Mod 2

13
Q

“chart command requirements”

The function defines the value of the y-axis, therefore it should be ___?

A

Numeric

Page 50 Mod 2

14
Q

Where do the values from the by clause display when using the chart command?

A

In legend

Page 50 Mod 2

15
Q

“chart command requirements”

The first field after the over clause is the ___?

A

x-axis

Page 50 Mod 2

16
Q

“chart command requirements”

Using the over and by clauses divides the data into ___?

A

sub-groupings

Page 50 Mod 2

17
Q

chart avg(bytes) over host

A

The host values display over the x-axis

Page 50 Mod 2

18
Q

chart avg(bytes) over host by product_name

A

The host field is the x-axis and the series is further split by product_name

Page 50 Mod 2

19
Q

What kind of results will you get if you used the chart command count over field?

A

The count function tallies the number of events for each value in the result set

Page 51 Mod 2

20
Q

How many dimensions can you split your chart results over?

A

Just 2 dimensions (unlike stats results)

Page 52 Mod 2

21
Q

What can you use with the “over” clause to split results?

A

The “by” clause.

Page 52 Mod 2

22
Q

chart and timechart commands automatically filter results to include the ___ highest values?

A

10 highest values
*surplus values are grouped into OTHER

Page 54 Mod 2

23
Q

What do you use if you want to remove empty (NULL) and OTHER field values from displaying?

A
  • useother=f
  • usenull=f

Page 55 Mod 2

24
Q

What is another way you can get rid of null values?

A

Add itemId=* to the base search

Page 55 Mod 2

25
Q

What argument would you use to adjust the number of plotted series?

A

limit argument

Page 56 Mod 2

26
Q

When you have a split by two dimensions which option does the limit argument apply to?

A

It applies to the second split.

Page 56 Mod 2

27
Q

What does the timechart command do?

A

It performs statistical aggregations against time and plots and trends data over time

Page 57 Mod 2

28
Q

What axis is _time always on?

A

The x-axis

Page 57 Mod 2

29
Q

What form are timecharts best for?

A

Line and Area charts

Page 57 Mod 2

30
Q

True or False: Functions and arguments used with stats and chart can also be used with timechart?

A

True

Page 58 Mod 2

31
Q

Unlike stats how many fields can be specified after the by clause when using the timechart command?

A

One

Page 59 Mod 2

32
Q

Why can you only use 1 field after the by clause when using the timechart command?

A

Because _time is the implied first by field.

Page 59 Mod 2

33
Q

Which axis represents the count for each field value?

A

The y-axis

Page 59 Mod 2

34
Q

What happens when the multi-series mode is set to NO?

A

All fields share the y-axis

Page 60 Mod 2

35
Q

What happens when the multi-series mode is set to YES?

A

The y-axis is split for each field value

Page 61 Mod 2

36
Q

When you use the timechart command it buckets the values of the _time field, which does what for the user?

A

This provides dynamic sampling intervals, based upon the time range of the search

Page 62 Mod 2

37
Q

True or False: Like with the stats and chart commands, you can apply statistical functions to the timechart command?

A

True, you can add statistical functions

Page 63 Mod 2

38
Q

List the functions of the Trellis layout?

A
  • It displays multiple charts based on one result set
  • Allows visual comparison between different categories
  • Data only fetched once

Page 66 Mod 2

39
Q

What should you use if you want to calculate statistics with an arbitrary field as the x-axis that is not _time?

A

You should use a chart

Page 75 Mod 2

40
Q

When you use a by clause with the chart command what is the output?

A

It is a table and each column represents a distinct value of the split-by field

Page 75 Mod 2

41
Q

When would you want to use the timechart command to calculate statistics?

A

When you want the x-axis to have _time

Page 76 Mod 2

42
Q

What happens when you introduce a by clause to the timechart command?

A

It becomes a table and each column represents a distinct value of the split-by field

Page 57 Mod 2

43
Q

When is a good time to use the stats command to calculate statistics?

A

When you want to use 2 or more fields that are not time-based

Page 74 Mod 2

44
Q

What command should you use when you want to count the frequency of a field(s)?

A

You should use the top and rare commands

Page 73 Mod 2

45
Q

In what way does the timewrap command display?

A

  • Displays the output of the timechart command, so that each time period is a separate series
  • Can compare data over a specific time period, such as day-over-day or month-over-month

Page 68 Mod 2

46
Q

What is timewrap's syntax?

A

  • Syntax: timewrap timewrap-span
  • timewrap-span can be second, minute, hour, day, week, month, quarter or year
  • For example: timewrap 1w

Page 69 Mod 2

47
Q

How far does earliest to latest span with timewrap?

A

14 days

2 weeks

a fortnight

Page 70 Mod 2

48
Q

When using a line chart, how many lines are shown when specifying 1w with the timewrap command?

A

2 lines are shown

Page 70 Mod 2

49
Q

When using timewrap, how can you add more lines to the chart?

A

by adding additional periods to the search

Page 71 Mod 2

50
Q

What would you use to count the frequency of a field(s)?

A

top or rare

Page 73 Mod 2

51
Q

What would you use to calculate statistics for two or more by fields? (non time-based)

A

The stats command

Page 74 Mod 2

52
Q

“chart command requirements”

The first field after the over clause is the?

A

X-axis

Mod 2 page 50

53
Q

“chart command requirements”

Using the over and by clauses divides data into?

A

Sub-groupings

Mod 2 page 50

54
Q

With the chart command how is the x-axis decided?

A

It is decided by you