Module 3: Using Trendlines, Mapping, and Single Value Commands Flashcards
What are some of the functions of the trendline command?
- Allows you to overlay a computed moving average on a chart
- Trendline computes the moving averages of a field
Example syntax: trendline (field) [AS newfield]
Page 80 Mod 3
How many trendtypes are there?
- sma = simple moving average
- ema = exponential moving average
- wma = weighted moving average
Page 80 Mod 3
What must be defined in order for the trendline command to work properly?
The period over which to compute the trend
Page 81 Mod 3
The period must be an integer between?
2 and 10,000
Example:
sma2(sales) is valid (period of 2)
sma(sales) would fail (no period given)
Page 81 Mod 3
When would you want to use the iplocation command?
To look up and add location information to an event
Page 84 Mod 3
What information does the iplocation command include?
City, country, region, latitude and longitude
Page 84 Mod 3
Is all the information available for all the IP address ranges?
NO
Page 84 Mod 3
What will automatically define the default lat and lon fields required by the geostats command?
The iplocation command
Page 84 Mod 3
When would you want to use the geostats command?
To compute statistical functions and render the results as a cluster map
Page 85 Mod 3
What are some of the components of the geostats command?
[latfield=string]
[lonfield=string]
[stats-agg-term]* [by-clause]
Page 85 Mod 3
What does the data for the geostats command have to include?
Latitude and Longitude values
Page 85 Mod 3
When would you want to change the latfield and lonfield in the geostats command?
If they differ from the default lat and lon fields
Page 85 Mod 3
To control the column count with the geostats command
use the globallimit argument
Page 85 Mod 3
What is a Choropleth Map?
It uses shading to show relative metrics, such as sales, network intruders, etc. for predefined geographic regions
Page 87 Mod 3
What do you need in order to define regional boundaries?
- KML (Keyhole Markup Language) file
- KMZ (compressed Keyhole Markup Language) file
Page 87 Mod 3
Splunk ships with two things to help define geographic regions, what are they?
- geo_us_states, United States
- geo_countries, countries of the World
Page 87 Mod 3
Single value visualization formatting can set color using the UI or with?
The gauge command
Page 90 Mod 3
When editing a single value visualization, what can you add to the timechart command?
A sparkline and a trend
Page 95 Mod 3
What is a sparkline and what is it designed to do?
A sparkline is an inline chart designed to display time-based trends associated with the primary key
Page 95 Mod 3
What is a trend and where does it appear on a single value?
Shows the direction in which values are moving and it appears on the right of the single value
Page 95 Mod 3
What is something you can do from the Format Options?
Automatically total every column
Page 96 Mod 3
What are some of the downfalls when using the Format Options?
- Cannot indicate which column to total; all columns are always totaled
- Cannot add labels
Page 96 Mod 3
Which tab in the Format Options can you use to add percentages?
The summary tab
Page 97 Mod 3
What could you also use to get the totals other than the Format Options?
You can use the addtotals command
Page 98 Mod 3
What does the addtotals command do?
- Compute the sum of all or selected numeric fields for each column and place the total in the last row
- Compute the sum of all or selected numeric fields for each row and place the total in the last column
Page 98 Mod 3
What are some examples of the addtotals command syntax?
addtotals [row=bool] [fieldname=field] [col=bool] [labelfield=field] [label=string] field-list
Page 99 Mod 3
This pertains to addtotals command syntax
row=true/false (default=true) “row option”
A column is created that contains numeric totals for each row
Page 99 Mod 3
This pertains to addtotals command syntax
col=true/false (default=false) “column option”
A row is created that contains numeric totals for each column
Page 99 Mod 3
This pertains to addtotals command syntax
fieldname=field (default=Total) “row option”
Defines a string used to create a field name for the totals column
Page 99 Mod 3
This pertains to addtotals command syntax
label=string (default=Total) “column option”
Defines a string used to name the totals row
Page 99 Mod 3
This pertains to addtotals command syntax
labelfield=fieldname “column option”
Defines where the label string is placed. (Generally, you should make this the first column)
Page 99 Mod 3
This pertains to addtotals command syntax
field-list=one or more numeric fields
(default: all numeric fields) “general options”
Defines the numeric fields to be totaled
Page 99 Mod 3
When using the addtotals command what is the argument that adds the total of the row?
The argument is row=t (this is the default). row=t counts the fields in each row under a column named “Total Per Product”
Page 100 Mod 3
When using the addtotals command what is the argument that adds the total of the columns?
The argument is col=t. col=t totals the fields in each column and places the result in a row named “Total Per Country”
Page 100 Mod 3