Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-Splunk Core Power User > Statistical Processing > Flashcards

Statistical Processing Flashcards

1
Q

Use ___=false with the chart command if you want to hide the OTHER column.

A

useother

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

When using the top command, add the BY clause to ___.
* specify which search mode to return results by
* return results grouped by the field you specify in the BY clause
* return a percentage of events
specify how many results to return

A

return results grouped by the field you specify in the BY clause

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

To round numerical values, use the ___ function of the eval command.

A

round()

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

When renaming fields with spaces or special characters, use the rename command and include the new field name in ___.
* parenthesis
* double quotes
* None of the above
* single quotes

A

double quotes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

To display the least common values of a field, use the ___ command.
* stats
* top
* Rare
* timechart with common=f option

A

rare

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of these functions lists ALL values of the field X?
* values(X)
* list(X)

A

list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When you use the stats command with a BY clause, what is returned?
one row
* a statistical output for each value of the named field
* numerical statistics on each field if and only if all of the values of that field are numerical
* an error message because you did not include a statistical function

A

a statistical output for each value of the named field

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

By default, the sort command lists results in ___ order.
* ascending
* descending

A

ascending

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of these eval functions takes no arguments?
* random
* pow
* max
* min

A

random

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

If you use the stats command with two functions and a BY clause, which function is the BY clause applied to?
* the first function
* both functions
* the second function
* both functions if they are both aggregate functions

A

both functions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

True or False: Only one field can be created when using the eval command.
* FALSE
* TRUE

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

True or False: Using an OVER and a BY clause with the chart command will create a multiseries data series.
* FALSE
* TRUE

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The ___(X,Y) eval function returns X to the power of Y.

A

pow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

True or False: You can use wildcards (*) with the rename command to rename multiple fields that match a pattern.
* FALSE
* TRUE

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The ___ command will always have _time as the X-axis.

A

timechart

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

ag-Splunk Core Power User (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions