SPL 1 - Mod9 Transforming Splunk Commands
#rare command Example of "rare" command
5 vendors with the percentage turned off and renaming the "count" field to "Number of Sales" and add another row "other" for vendors not listed in the top 5 that have sold the "LEAST" amount of products
#avg/min/max functions Example of using the "avg" function - simple
Average sale price of vendor sales
#avg/min/max functions Example of using the "avg", "min" & "max" functions together
Average sale price of vendor sales with 2 columns for the min and max price
#avg/min/max functions Example of using the "avg", "min" & "max" functions together with the "by" clause
Average sale price of vendor sales with 2 columns for the min and max price compared with the category id
#count function What does "| stats count(field)" do?
By adding a field to the count function we can get a count of the number of events where the field is present
#sum function Example of stats command with multiple functions of "count" and "sum" Note: count and sum in a search must be within the same price
Count "units sold" and sum the price of "gross sales" and compare by the product name
#count function Example of the stats count with the "as" clause
Count number of vendor sales and change column name to "Total Sells By Vendors"
#count function Example of the stats count with the "as" clause and "by" clause
Count number of vendor sales and change column name to "Total Sells By Vendors" and list count by product name
#dc function Example of using "dc" or "distinct_count"
Count the "number of games for sales by vendors" and compare with the sale prices of those games
#top command When using the "Top" command what default results does that command return?
Count, percent and Top 10
#top command What does the "Top" command do?
Finds the most common values of a given field
#rare command What does the "rare" command do?
Has same values as the "top" command but shows the least common values of a field set
#rare command Example of the "rare" command with the "by" clause
Least sold 3 products by vendor in the last 7 days, rename "count" field to "Number of Sales", disable show percentage view
#list function Example of using the "list" function with the "as" and "by" clause
List assets as "company assets" and compare to "employees"
#stats command what does the "list" function return?
Lists all values of a given field
#stats command What does the count function return?
Number of events matching search criteria
#stats command what does distinct count or "dc" function return?
Number of unique events for a field
What do the transforming commands do with the search results?
Order search results into a data table for statistical purposes
#sum function Example of sum function with the "as" and "by" clause
Sum the price of vendor sales, rename to "Gross Sales" and compare by the product name
#top command Example of the Top command with clauses
Top 5 vendors with the percentage turned off and renaming the "count" field to "Number of Sales" and add another row "other" for vendors not listed in the top 5
#top command What are some "top" command clauses that can be added to the pipeline?
Top Command Clauses
#top command When using the "top" command how can you get "all" results from the search inside of the top 10?
add "limit=0" to the "| top" pipeline
Which clause would you use to rename the count field? sourcetype=vendor* | stats count____________"Units Sold" a. rename b. as c. to d. show
b. as
#stats command what does the "values" function return?
lists all unique values of a field
#stats command what does the "average" or "avg" function return?
returns the average of numerical values
#stats command what does the "max" function return?
returns the maximum numeric value
#stats command what does the "min" function return?
returns the minimum numeric value
#stats command what does the "sum" function return?
returns the sum of numerical values
#values function Example of using the "values" function with the "by" clause
search for the values of "s_hostname" and compare by username
#sum function Example of using the sum function - simple
simple use of sum
#top command Example of using the "top" command with the "by" clause
top 3 products sold by vendor in the last 7 days, rename "count" field to "Number of Sales", disable show percentage view