
Splunk Interview Questions for Developer

15. What is the lookup command? What is the difference between inputlookup and outputlookup?

Lookup commands are used when you want to receive some fields from an external file (such as a CSV file or a Python-based script) to get some value of an event. They are used to narrow the search results, as they help to reference fields in an external CSV file that match fields in your event data.

Inputlookup: An inputlookup takes an input, as the name suggests. For example, it would take the product price and product name as input and then match them with an internal field such as a product ID or an item ID.

Outputlookup: An outputlookup is used to generate an output from an existing field list. Basically, inputlookup is used to enrich the data and outputlookup is used to build that information.
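The three commands from this answer used together on a security use case, as an added example that is not part of the original page. It consists of three separate searches, separated by blank lines and run in order: the first builds a CSV lookup with `outputlookup`, the second reads it back with `inputlookup`, and the third enriches login events with `lookup` and marks sources missing from the inventory as `unknown`. The file name `asset_inventory.csv`, the field names (`src_ip`, `host_name`, `priority`, `action`) and all rows are constructed for illustration.

```spl
| makeresults
| eval row=split("10.0.0.5,web01,critical;10.0.0.9,db01,high;10.0.0.23,kiosk07,low", ";")
| mvexpand row
| eval src_ip=mvindex(split(row, ","), 0), host_name=mvindex(split(row, ","), 1), priority=mvindex(split(row, ","), 2)
| table src_ip host_name priority
| outputlookup asset_inventory.csv

| inputlookup asset_inventory.csv
| where priority="critical"

| makeresults
| eval row=split("10.0.0.5,failure;10.0.0.5,failure;10.0.0.23,success;192.0.2.44,failure", ";")
| mvexpand row
| eval src_ip=mvindex(split(row, ","), 0), action=mvindex(split(row, ","), 1)
| lookup asset_inventory.csv src_ip OUTPUT host_name priority
| fillnull value="unknown" host_name priority
| stats count BY src_ip host_name priority action
```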

16. What is the difference between the eval, stats, chart, and timechart commands?

Eval: The eval command allows you to create a new field altogether and then use that field in subsequent parts of the search.

Stats: Stats is a reporting command which is used to present data in a tabular format.

Chart: Chart displays the data in the form of a bar, line or area graph. It can also generate a pie chart.

Timechart: Timechart allows you to look at bar and line graphs. However, pie charts are not possible.

17. What is the difference between the table and top commands?

Table: It displays the results in tabular format. It works only on the fields that you mention in the query, and it displays the columns according to the fields that you give in the query.

Top: Finds the most common values for the fields in the field list. It calculates a count and a percentage of the frequency with which the values occur in the events.
