This function of the stats command allows you to return the sample standard deviation of a field.

A.

stdev

B.

dev

C.

count deviation

D.

by standarddev

Which of the following commands will show the maximum bytes?

A.

sourcetype=access_* | maximum totals by bytes

B.

sourcetype=access_* | avg (bytes)

C.

sourcetype=access_* | stats max(bytes)

D.

sourcetype=access_* | max(bytes)

This search will return 20 results. SEARCH: error | top host limit = 20

A.

True

B.

False

Which of the following searches will show the number of categoryld used by each host?

A.

Sourcetype=access_* |sum bytes by host

B.

Sourcetype=access_* |stats sum(categoryl

C.

by host C.Sourcetype=access_* |sum(bytes) by host

D.

Sourcetype=access_* |stats sum by host

This clause is used to group the output of a stats command by a specific name.

A.

Rex

B.

As

C.

List

D.

By

This function of the stats command allows you to return the middle-most value of field X.

A.

Median(X)

B.

Eval by X 

C.

Fields(X)

D.

Values(X)

When a search returns                      , you can view the results as a list.

A.

a list of events

B.

transactions

C.

statistical values

Clicking a SEGMENT on a chart,                  .

A.

drills down for that value

B.

highlights the field value across the chart

C.

adds the highlighted value to the search criteria

Use this command to use lookup fields in a search and see the lookup fields in the field sidebar. 

A.

inputlookup

B.

lookup

Lookups can be private for a user.

A.

True

B.

False

In automatic lookup definitions, the            fields are those that are not in the event dat a.

A.

input

B.

output

What is the correct order of steps for creating a new lookup?

1. Configure the lookup to run automatically
2. Create the lookup table
3. Define the lookup

A.

2, 1, 3

B.

1, 2, 3

C.

2, 3, 1

D.

1. 3, 2, 1