Module 3: Using Trendlines, Mapping, and Single Value Commands

Question 1

What are some of the functions of the trendline command?

Answer 1

• Allows you to overlay a computed moving average on a chart
• Trendline computes the moving averages of a field
  example: trendline (field) [AS newfield]

Page 80 Mod 3

Question 2

How many trendtypes are there?

Answer 2

• sma = simple moving average
• ema = exponential moving average
• wma = weighted moving average

Page 80 Mod 3

Question 3

What must be defined in order for the trendline command to work properly?

Answer 3

The period which to compute the trend

Page 81 Mod 3

Question 4

The period must be an integer between?

Answer 4

2 and 10,000
example:
sma2(sales) is valid
sma(sales) would fail

Page 81 Mod 3

Question 5

When would you want to use the iplocation command?

Answer 5

To look up and add location information to an event

Page 84 Mod 3

Question 6

What information does the iplocation command include?

Answer 6

City, country, region, latitude and longitude

Page 84 Mod 3

Question 7

Is all the information available for all the IP address ranges?

Answer 7

NO

Page 84 Mod 3

Question 8

What will automatically define the default lat and lon fields required by the geostats command?

Answer 8

The iplocation command

Page 84 Mod 3

Question 9

When would you want to use the geostats command?

Answer 9

To compute statistical functions and render as cluster map

Page 85 Mod 3

Question 10

What are some of the components fo the geostats command?

Answer 10

[latfield=string]
[lonfield=string]
[stats-agg-term]* [by-clause]

Page 85 Mod 3

Question 11

What does the data for the geostats command have to include?

Answer 11

Latitude and Longitude values

Page 85 Mod 3

Question 12

When would you want to change the latfield and longfield in the geostats command?

Answer 12

If they differ from the default lat and lon fields

Page 85 Mod 3

Question 13

To control the column count with the geostats command

Answer 13

use the globallimit argument

Page 85 Mod 3

Question 14

What is a Choropleth Map?

Answer 14

It uses shading to show relative metrics, such as sales, network intruders, etc. for predefined geographic regions

Page 87 Mod 3

Question 15

You need one of these in order to define regional boundaries?

Answer 15

• KML (keyhole Markup Language) file
• KMZ (compressed Keyhole Markup Language) file

Page 87 Mod 3

Question 16

Splunk ships with two things to help define geographic regions, what are they?

Answer 16

• geo_us_states, United States
• geo_countries, countries of the World

Page 87 Mod 3

Question 17

Single value visualizations formatting can set color using UI or with?

Answer 17

The gauge command

Page 90 Mod 3

Question 18

When editing a single value visualizations what can you add to the timechart command?

Answer 18

A sparkline and a trend

Page 95 Mod 3

Question 19

What is a sparkline and what is it designed to do?

Answer 19

A sparkline is an inline chart and designed to display time-based trends associated with the primary key

Page 95 Mod 3

Question 20

What is a trend and where does it appear on a single value?

Answer 20

Shows the direction in which values are moving and it appears on the right of the single value

Page 95 Mod 3

Question 21

What is something you can do from the Format Options?

Answer 21

Automatically total every column

Page 96 Mod 3

Question 22

What are some of the downfalls when using the Format Options?

Answer 22

• Cannot indicate which column to total; all columns are always totaled
• Cannot add labels

Page 96 Mod 3

Question 23

Using what tab in the Format Options can you use to add the percentages?

Answer 23

The summary tab

Page 97 Mod 3

Question 24

What could you also use to get the totals other than the Format Options?

Answer 24

You can use the addtotals command

Page 98 Mod 3

Question 25

What does the addtotals command do?

Answer 25

• Compute the sum of all or selected numeric fields for each column and place the total in the last row
• Compute the sum of all or selected numeric fields for each row and place the total in the last column

Page 98 Mod 3

Question 26

What some examples of the addtotals command syntax?

Answer 26

addtotals:
[row=bool]
[fieldname=field]
[col=bool]
[labelfield=field]
label=string]
field-list

Page 99 Mod 3

Question 27

This pertains to addtotals command syntax

row=true/false (default=true) “row option

Answer 27

A column is created that contains numeric totals for each tow

Page 99 Mod 3

Question 28

This pertains to addtotals command syntax

col=true/false (default=false) “column option”

Answer 28

A row is created that contains numeric totals for each column

Page 99 Mod 3

Question 29

This pertains to addtotals command syntax

fieldname=field (default=Total) “row option”

Answer 29

Defines a string used to create a field name for the totals column

Page 99 Mod 3

Question 30

This pertains to addtotals command syntax

label=string (default=Total) “column option”

Answer 30

Defines a string used to name the totals row

Page 99 Mod 3

Question 31

This pertains to addtotals command syntax

labelfield=fieldname “column option”

Answer 31

Defines where the label string is placed. (Generally, you should make this the first column)

Page 99 Mod 3

Question 32

This pertains to addtotals command syntax

field-list=one or more numeric fields
(default: all numeric fields) “general options”

Answer 32

Defines the numeric fields to be totaled

Page 99 Mod 3

Question 33

When using the addtotals command what is the argument that adds the total of the row?

Answer 33

The argument is row=t (this is the default). row=t counts the fields in each row under a column named “Total Per Product”

Page 100 Mod 3

Question 34

When using the addtotals command what is the argument that adds the total of the columns?

Answer 34

The argument is col=t. col=t counts the fields in each row in a row named “Total Per Country”

Page 100 Mod 3