Using Transforming Commands for Visualizations Flashcards

1
Q

What is the |chart command used for?

A

Returns results in a table format that can be displayed as a visualization

2
Q

What is the syntax of the |chart command?

A

|chart <stats-func> (<wc-field>) over <row-split> [by <column-split>] [span=<int><timescale>] [limit=<int>] [useother=<bool>] [usenull=<bool>]

Y-axis: <stats-func> (<wc-field>)
- wc-field is a field with numeric values; supports wildcards

X-axis: over <row-split>

Further split the data by including by <column-split>

Control behavior with:
- span
- limit
- useother
- usenull

3
Q

What is the difference between the chart and stats commands?

A

The chart command can be split over two fields or dimensions.

4
Q

What does the [useother=<bool>] argument do?

A

Completely removes the “Other” column from your results.

Note:
- ONLY a visual change
- Does NOT recalculate the initial results generated by your base search.

5
Q

What does the [usenull=<bool>] argument do?

A

The usenull argument will remove the null column if one exists.

The null column will contain the statistical valuation of any events that did not actually contain the field that the multi-series split was based on.

6
Q

What is the |timechart command used for?

A

Timechart performs stats aggregations against time.

Time is ALWAYS the x-axis.

7
Q

What is the syntax of the |timechart command?

A

|timechart <stats-func> (<field>) by <split-by-field> [span=<int><timescale>] [limit=<int>]

8
Q

What is the key difference between the chart and timechart commands?

A

Timechart supports only a SINGLE additional split. The x-axis is always time.

Chart can be specified by two fields or dimensions.

9
Q

When using the |timechart command, what will Splunk automatically do?

A

Splunk will automatically choose the appropriate time buckets for the values of the time field, based on the time range of your search.

If you want to change the buckets, use the span argument.
