Deployment Architecture

bins command returns too few bins

drpog
New Member

Hi
I have a long list of measurements called standardised with values between 0.0 and 1.0 I was to display the distribution of the frequency these values in a histogram e.g.

Range Count
0.0 - 0.1 10
0.1 - 0.2 40

and so on. I run my command:

source="MessageTimes.csv" | bin standardised bins=10 | stats count by standardised

What I get back is 2 bins not 10 ( see the attached picture).

alt text

0 Karma

drpog
New Member

Thanks for the reply - but while it is nice to see a workaround that will work in this particular instance I am really asking why in general the

bins=10

option returns ONLY 2 bins!

I imagine that the span workaround will work in fact in this case I can prob. dispense with the bins=10 alltogether and just use :

| bin standardised span=0.1

I assume the whole point of bins=10 is that I don't have to go through my data and calculate a suitable range span, that Splunk will work out automatically a suitable span range for me.

0 Karma

HiroshiSatoh
Champion

try this!

| bin standardised bins=10 span=0.1

0 Karma

HiroshiSatoh
Champion

It is not good if there is "0.0". Please workaround.

ex.
span=0.1
OR
|eval standardised=standardised+0.01

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...