Module 2: Using Transforming Commands for Visualizations Flashcards

Explore data structure requirements; explore visualization types; create and format charts; create and format timecharts; explain when to use each type of reporting command (54 cards)

1
Q

When a search returns statistical values, results can be viewed with a wide variety of visualization types

A
  • statistics table
  • charts: line, column, pie, etc
  • single value, gauges
  • maps
  • many more

Page 36 Mod 2

2
Q

A ____ is a sequence of related data points that are plotted in a visualization.

A

Data series

Page 37 Mod 2

3
Q

True or False: Data series can generate any statistical or visualization results.

A

True

Page 37 Mod 2

4
Q

True or False: Most visualizations require a single series table. (Search results structured as a table with at least two columns).

A

True

  • left most column provides x-axis values
  • subsequent columns provide numeric y-axis values for each series in the chart

Page 38 Mod 2

5
Q

To get multi-series tables, you need to set up the underlying search with reporting search commands like ___ or ____

A

chart or timechart

Page 39 Mod 2

6
Q

What does a Time series do?

A

Displays statistical trends over time
*can be single-series or multi-series

Page 40 Mod 2

7
Q

What are the 7 chart types?

A
Line
Area
Column
Bar
Bubble
Scatter
Pie

Page 41 Mod 2

8
Q

What does a scatter chart show?

A

It shows trends in the relationships between discrete data values
*generally, it shows discrete values that do not occur at regular intervals or belong to a series

Page 48 Mod 2

9
Q

What does a bubble chart require?

A

2 split by fields and 3 statistics:

  • 1 for x-axis
  • 1 for y-axis
  • 1 that determines size of the bubble

Page 49 Mod 2

10
Q

For line, area, and column charts, where does the x-axis lie?

A

Horizontal

Page 42-46 Mod 2

11
Q

Where does the x-axis lie in a bar chart?

A

Vertical

Page 46 Mod 2

12
Q

What does the chart command do?

A

It displays any data series plotted across one or two dimensions.

Page 50 Mod 2

13
Q

“chart command requirements”

The function defines the value of the y-axis, therefore it should be ___?

A

Numeric

Page 50 Mod 2

14
Q

Where do the values from the by clause display when using the chart command?

A

In legend

Page 50 Mod 2

15
Q

“chart command requirements”

The first field after the over clause is the ___?

A

x-axis

Page 50 Mod 2

16
Q

“chart command requirements”

Using the over and by clauses divides the data into ___?

A

sub-groupings

Page 50 Mod 2

17
Q

chart avg(bytes) over host

A

The host values display over the x-axis

Page 50 mod 2

18
Q

chart avg(bytes) over host by product_name

A

The host field is the x-axis and the series is further split by product_name

Page 50 Mod 2

19
Q

What kind of results will you get if you use the chart command count over field?

A

The count function tallies the number of events for each value in the result set

Page 51 Mod 2

20
Q

How many dimensions can you split your chart results over?

A

Just 2 dimensions (unlike stats results)

Page 52 Mod 2

21
Q

What can you use with the “over” clause to split results?

A

The “by” clause.

Page 52 Mod 2

22
Q

chart and timechart commands automatically filter results to include the ___ highest values?

A

10 highest values
*surplus values are grouped into OTHER

Page 54 Mod 2

23
Q

What do you use if you want to remove empty (NULL) and OTHER field values from displaying?

A
  • useother=f
  • usenull=f

Page 55 Mod 2

24
Q

What is another way you can get rid of null values?

A

Add itemId=* to the base search

Page 55 Mod 2

25
What argument would you use to adjust the number of plotted series?
limit argument Page 56 Mod 2
26
When you have a split by two dimensions which option does the limit argument apply to?
It applies to the second split. Page 56 Mod 2
27
What does the timechart command do?
It performs statistical aggregations against time and plots and trends data over time Page 57 Mod 2
28
What axis is _time always on?
The x-axis Page 57 Mod 2
29
What form are timecharts best for?
Line and Area charts Page 57 Mod 2
30
True or False: Functions and arguments used with stats and chart can also be used with timechart?
True Page 58 Mod 2
31
Unlike stats how many fields can be specified after the by clause when using the timechart command?
One Page 59 Mod 2
32
Why can you only use 1 field after the by clause when using the timechart command?
Because _time is the implied first by field. Page 59 Mod 2
33
Which axis represents the count for each field value?
The y-axis Page 59 Mod 2
34
What happens when the multi-series mode is set to NO?
All fields share the y-axis Page 60 Mod 2
35
What happens when the multi-series mode is set to YES?
The y-axis is split for each field value Page 61 Mod 2
36
When you use the timechart command it buckets the values of the _time field, which does what for the user?
This provides dynamic sampling intervals, based upon the time range of the search Page 62 Mod 2
37
True or False: Like with the stats and chart commands, you can apply statistical functions to the timechart command?
True, you can add statistical functions Page 63 Mod 2
38
List the functions of the Trellis layout?
  • It displays multiple charts based on one result set
  • Allows visual comparison between different categories
  • Data only fetched once

Page 66 Mod 2
39
What should you use if you want to calculate statistics with an arbitrary field as the x-axis that is not _time?
You should use a chart Page 75 Mod 2
40
When you use a by clause with the chart command what is the output?
It is a table and each column represents a distinct value of the split-by field Page 75 Mod 2
41
When would you want to use the timechart command to calculate statistics?
When you want the x-axis to have _time Page 76 Mod 2
42
What happens when you introduce a by clause to the timechart command?
It becomes a table and each column represents a distinct value of the split-by field Page 57 Mod 2
43
When is a good time to use the stats command to calculate statistics?
When you want to use 2 or more fields that are not time-based Page 74 Mod 2
44
What command should you use when you want to count the frequency of a field(s)?
You should use the top and rare commands Page 73 Mod 2
45
In what way does the timewrap command display?
  • Displays the output of the timechart command, so that each time period is a separate series
  • Can compare data over a specific time period, such as day-over-day or month-over-month

Page 68 Mod 2
46
What is timewrap's syntax?
  • Syntax: timewrap timewrap-span
  • timewrap-span can be second, minute, hour, day, week, month, quarter or year
  • For example: timewrap 1w

Page 69 Mod 2
47
How far does earliest to latest span with timewrap?
14 days (2 weeks, a fortnight) Page 70 Mod 2
48
When using a line chart, how many lines are shown when specifying 1w with the timewrap command?
2 lines are shown Page 70 Mod 2
49
When using timewrap, how can you add more lines to the chart?
by adding additional periods to the search Page 71 Mod 2
50
What would you use to count the frequency of a field(s)?
top or rare Page 73 Mod 2
51
What would you use to calculate statistics for two or more by fields? (non-time-based)
The stats command Page 74 Mod 2
52
"chart command requirements" | The first field after the over clause is the?
X-axis Mod 2 page 50
53
"chart command requirements" | Using the over and by clauses divides data into?
Sub-groupings Mod 2 page 50
54
With the chart command how is the x-axis decided?
It is decided by you