Module 2: Using Transforming Commands for Visualizations Flashcards

  • Explore data structure requirements
  • Explore visualization types
  • Create and format charts
  • Create and format timecharts
  • Explain when to use each type of reporting command

1
Q

When a search returns statistical values, results can be viewed with a wide variety of visualization types

A
  • statistics table
  • charts: line, column, pie, etc
  • single value, gauges
  • maps
  • many more

Page 36 Mod 2

2
Q

A ____ is a sequence of related data points that are plotted in a visualization.

A

Data series

Page 37 Mod 2

3
Q

True or False: Data series can generate any statistical or visualization results.

A

True

Page 37 Mod 2

4
Q

True or False: Most visualizations require a single series table. (Search results structured as a table with at least two columns).

A

True

  • leftmost column provides x-axis values
  • subsequent columns provide numeric y-axis values for each series in the chart

Page 38 Mod 2

5
Q

To get multi-series tables, you need to set up the underlying search with reporting search commands like ___ or ____

A

chart or timechart

Page 39 Mod 2

6
Q

What does a Time series do?

A

Displays statistical trends over time
*can be single-series or multi-series

Page 40 Mod 2

7
Q

What are the 7 chart types?

A
Line
Area
Column
Bar
Bubble
Scatter
Pie

Page 41 Mod 2

8
Q

What does a scatter chart show?

A

It shows trends in the relationships between discrete data values
*generally, it shows discrete values that do not occur at regular intervals or belong to a series

Page 48 Mod 2

9
Q

What does a bubble chart require?

A

2 split by fields and 3 statistics:

  • 1 for x-axis
  • 1 for y-axis
  • 1 that determines size of the bubble

Page 49 Mod 2

10
Q

For line, area, and column charts, where does the x-axis lie?

A

Horizontal

Page 42-46 Mod 2

11
Q

Where does the x-axis lie in a bar chart?

A

Vertical

Page 46 Mod 2

12
Q

What does the chart command do?

A

It displays any data series plotted across one or two dimensions.

Page 50 Mod 2

13
Q

“chart command requirements”

The function defines the value of the y-axis, therefore it should be ___?

A

Numeric

Page 50 Mod 2

14
Q

Where do the values from the by clause display when using the chart command?

A

In legend

Page 50 Mod 2

15
Q

“chart command requirements”

The first field after the over clause is the ___?

A

x-axis

Page 50 Mod 2

16
Q

“chart command requirements”

Using the over and by clauses divides the data into ___?

A

sub-groupings

Page 50 Mod 2

17
Q

chart avg(bytes) over host

A

The host values display over the x-axis

Page 50 Mod 2

18
Q

chart avg(bytes) over host by product_name

A

The host field is the x-axis and the series is further split by product_name

Page 50 Mod 2

19
Q

What kind of results will you get if you use the chart command count over field?

A

The count function tallies the number of events for each value in the result set

Page 51 Mod 2

20
Q

How many dimensions can you split your chart results over?

A

Just 2 dimensions (unlike stats results)

Page 52 Mod 2

21
Q

What can you use with the “over” clause to split results?

A

The “by” clause.

Page 52 Mod 2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

chart and timechart commands automatically filter results to include the ___ highest values?

A

10 highest values
*surplus values are grouped into OTHER

Page 54 Mod 2

23
Q

What do you use if you want to remove empty (NULL) and OTHER field values from displaying?

A
  • useother=f
  • usenull=f

Page 55 Mod 2

24
Q

What is another way you can get rid of null values?

A

Add itemId=* to the base search

Page 55 Mod 2

25
Q

What argument would you use to adjust the number of plotted series?

A

limit argument

Page 56 Mod 2

26
Q

When you have a split by two dimensions, which option does the limit argument apply to?

A

It applies to the second split.

Page 56 Mod 2

27
Q

What does the timechart command do?

A

It performs statistical aggregations against time and plots and trends data over time

Page 57 Mod 2

28
Q

What axis is _time always on?

A

The x-axis

Page 57 Mod 2

29
Q

What form are timecharts best for?

A

Line and Area charts

Page 57 Mod 2

30
Q

True or False: Functions and arguments used with stats and chart can also be used with timechart?

A

True

Page 58 Mod 2

31
Q

Unlike stats, how many fields can be specified after the by clause when using the timechart command?

A

One

Page 59 Mod 2

32
Q

Why can you only use 1 field after the by clause when using the timechart command?

A

Because _time is the implied first by field.

Page 59 Mod 2

33
Q

Which axis represents the count for each field value?

A

The y-axis

Page 59 Mod 2

34
Q

What happens when the multi-series mode is set to NO?

A

All fields share the y-axis

Page 60 Mod 2

35
Q

What happens when the multi-series mode is set to YES?

A

The y-axis is split for each field value

Page 61 Mod 2

36
Q

When you use the timechart command, it buckets the values of the _time field, which does what for the user?

A

This provides dynamic sampling intervals, based upon the time range of the search

Page 62 Mod 2

37
Q

True or False: Like with the stats and chart commands, you can apply statistical functions to the timechart command?

A

True, you can add statistical functions

Page 63 Mod 2

38
Q

List the functions of the Trellis layout.

A
  • It displays multiple charts based on one result set
  • Allows visual comparison between different categories
  • Data only fetched once

Page 66 Mod 2

39
Q

What should you use if you want to calculate statistics with an arbitrary field as the x-axis that is not _time?

A

You should use a chart

Page 75 Mod 2

40
Q

When you use a by clause with the chart command, what is the output?

A

It is a table and each column represents a distinct value of the split-by field

Page 75 Mod 2

41
Q

When would you want to use the timechart command to calculate statistics?

A

When you want the x-axis to have _time

Page 76 Mod 2

42
Q

What happens when you introduce a by clause to the timechart command?

A

It becomes a table and each column represents a distinct value of the split-by field

Page 57 Mod 2

43
Q

When is a good time to use the stats command to calculate statistics?

A

When you want to use 2 or more fields that are not time-based

Page 74 Mod 2

44
Q

What command should you use when you want to count the frequency of a field(s)?

A

You should use the top and rare commands

Page 73 Mod 2

45
Q

In what way does the timewrap command display?

A
  • Displays the output of the timechart command, so that each time period is a separate series
  • Can compare data over a specific time period, such as day-over-day or month-over-month

Page 68 Mod 2

46
Q

What is timewrap's syntax?

A
  • Syntax: timewrap timewrap-span
  • timewrap-span can be second, minute, hour, day, week, month, quarter or year
  • For example: timewrap 1w

Page 69 Mod 2

47
Q

How far does earliest to latest span with timewrap?

A

14 days, 2 weeks, a fortnight

Page 70 Mod 2

48
Q

When using a line chart, how many lines are shown when specifying 1w with the timewrap command?

A

2 lines are shown

Page 70 Mod 2

49
Q

When using timewrap, how can you add more lines to the chart?

A

By adding additional periods to the search

Page 71 Mod 2

50
Q

What would you use to count the frequency of a field(s)?

A

top or rare

Page 73 Mod 2

51
Q

What would you use to calculate statistics for two or more by fields? (non-time-based)

A

The stats command

Page 74 Mod 2

52
Q

"chart command requirements"

The first field after the over clause is the?

A

X-axis

Page 50 Mod 2

53
Q

"chart command requirements"

Using the over and by clauses divides data into?

A

Sub-groupings

Page 50 Mod 2

54
Q

With the chart command, how is the x-axis decided?

A

It is decided by you