Stack #4078237

Quiz yourself by thinking what should be in each of the black spaces below before clicking on it to display the answer.

Help!

Question

Answer

show

• A knowledge object that applies information structure to raw data • Can be used by the Pivot interface to generate reports and dashboard panels • Must contain at least one of each dataset: Events, Searches, and Transactions

🗑

To add a Root Event Dataset, what field is required to be manually added? Duration maxpause maxspan Dataset Name Dataset ID

show

🗑

When adding fields to a dataset, which of the following creates a new field based on an expression that you define? Auto-Extracted Lookup Geo IP Eval Expression

show

🗑

show

ascending

🗑

Which of the following do all event datasets contain? Select all that apply. • Constraints • Children • Fields • Purchases

show

🗑

show

• A name for the workflow action. • A URI where the user will be directed at search time. • A label that will appear in the Event Action menu at search time

🗑

Which of the following can be used with the eval command tostring function? "hex" "commas" "decimal" "duration"

show

🗑

show

• index=main source=mySource oldField=* |'makeMyField(oldField)'| table _time newField • index=main source=mySource oldField=* | stats if('makeMyField(oldField)') | table _time newField

🗑

A user wants to convert numeric field values to strings and also to sort on those values.

show

🗑

show

• B. Lookups • D. Field extractions

🗑

show

• Accelerated data models cannot be edited. • Private data models cannot be accelerated. • You must have administrative permissions or the accelerate_datamodel capability to accelerate a data model.

🗑

show

• C. By changing Stack Mode in the Format menu.

🗑

If no value is specified with the fillnull command, what default value will be used? • A. 0 • B. N/A • C. ג€" • D. NULL

show

🗑

show

🗑

show

C. Constraints and fields.

🗑

When using timechart, how many fields can be listed after a by clause?

show

🗑

show

Both will appear in the Interesting Fields list, but only if they appear in at least 20 percent of events.

🗑

Which of the following statements describes macros?

show

🗑

In what order are the following knowledge objects/configurations applied? Field Aliases, Field Extractions, Lookups Field Extractions, Field Aliases, Lookups Field Extractions, Lookups, Field Aliases Lookups, Field Aliases, Field Extractions

show

🗑

show

• C. When the search string needs to be used in future searches.

🗑

Which command is used only to create a time series visualization? a. _time b. chart c. timechart d. timeseries

show

🗑

. Which of the following statements describe field aliases? ) a Field aliases are applied after lookups. b Field aliases are applied before lookups. c Field aliases can be applied to lookups. d The original field is not replaced by the field alias.

show

🗑

. What action type is used when creating a POST workflow action? a. Web b. Link c. HTTP d. HTTPS

show

🗑

Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.

To hide a column, click on the column name.

To hide the entire table, click on the "Hide All" button.

You may also shuffle the rows of the table by clicking on the "Shuffle" button.

Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

<iframe src="http://www.studystack.com/istudytable-4078237" width="1278px" height="1762px" frameborder="0"></iframe><br /><a href="http://www.studystack.com">Flashcards and educational games by StudyStack</a><br />

Normal Size Small Size show me how

Created by: rruiz57