Fields

Question 1

What are selected fields?

Answer 1

The fields of upmost importance

Question 2

What are the 3 default fields?

Answer 2

Host, Source and SourceType

Question 3

What is the criteria for ‘Interesting Fields’ and where do they sit?

Answer 3

Interesting fields are fields that have values in at least 20% of the events
They sit underneath he selected fields

Question 4

What search does it perform when you click on field? what type of data does it return?

Answer 4

A transforming search

Shows results as statistical data

Question 5

What default data does a transforming search show?

Answer 5

Values,
A count of values
A list of the percentage of events the values shows up in

Question 6

What operators can be used with numerical or string values?

Answer 6

=

!=

Question 7

What operators can be used for fields ONLY with numerical values?

Answer 7

> =
<
<=

Question 8

how would add multiple boolean to a search?

Answer 8

NOT (host=mail* OR host=www*)

Question 9

Fill in the blanks

___ is better than ___

Answer 9

Inclusion is better than exclusion

Question 10

What are the time operators?

Answer 10

S Seconds
M Minutes
H Hours
D days
W Weeks
Mon Month
Y Year

Question 11

What are the 2 types of date ranges? give an example for each

Answer 11

Relative
earliest=-2h latest=-1hr
Absolute
earliest=04/20/2017:12:00:00

Question 12

What is a key advantage of using indexes

Answer 12

Way to filter Events Early