Module 9: Transforming Commands

Module 9: What does adding a field to the count function while using the stats command return?

Adding a field as an argument to the count function returns the number of events where a value is present for the specified field

Module 9: What does the count function of the stats command do?

Returns the number of matching events based on the current search criteria; you use the as clause to rename the count field

Module 9: What does the avg function of the stats command do?

The avg function provides the average numeric value for the given numeric field

Module 9: What results does adding a by clause produce?

The by clause returns a count for each value of a named field or set of fields

Module 9: What does the list function of the stats command do?

The list function lists all field values for a given field

Module 9: What does the sum function of the stats command do?

The sum function is used for fields with numeric values to add the actual values of that field

Module 9: What does the values function of the stats command do?

The values function lists unique values for the specified field

Module 9: What are common functions that are included when using the stats command?

count, distinct_count (dc), sum, avg, list and values

Module 9: What does using the distinct_count (dc) function of the stats command do?

distinct_count (dc) provides a count of how many unique values there are for a given field in the result set

Module 9: What command is used to return the least common field values of a given field in the results?

rare

Module 9: What command enables you to calculate statistics on data that matches your search criteria?

stats

Module 9: What command allows you to get the most common values from your results in a given field?

top