Module 8: SPL Fundamentals

Question 1

Splunk Search Language: Commands

Answer 1

Tells splunk what to do with search results. (Charts, stats, formatting)

Question 2

Splunk Search Language: Functions

Answer 2

Explains how to execute command (sum, average, etc.)

Question 3

Arguments

Answer 3

Variables to apply to functions

Question 4

Clauses

Answer 4

How to group or define results

Question 5

(pipe)

Answer 5

Tells splunk to pass results to next search component

Question 6

Boolean color code

Answer 6

Orange

Question 7

Commands color code

Answer 7

Blue

Question 8

Argument color code

Answer 8

Green

Question 9

Functions color code

Answer 9

Purple

Question 10

Search commands execute in which direction

Answer 10

Left to right. Narrow as they go

Question 11

Fields command

Answer 11

Includes/Excludes specific fields from search

Question 12

Table command

Answer 12

Returns a table with fields in the argument list

Question 13

Rename command

Answer 13

Assigns friendly name to field in tabular view.

Affects search if used early

Question 14

Dedup command

Answer 14

Removes duplicate events with common values

Question 15

sort + vs sort - in numeric searches

Answer 15

Sort + sorts in ascending order (1-100)

Sort - sorts in descending (100-1)

Question 16

limit command

Answer 16

Limits displayed results