bins command returns too few bins

drpog · ‎10-25-2017

Hi
I have a long list of measurements called standardised with values between 0.0 and 1.0 I was to display the distribution of the frequency these values in a histogram e.g.

Range Count
0.0 - 0.1 10
0.1 - 0.2 40

and so on. I run my command:

source="MessageTimes.csv" | bin standardised bins=10 | stats count by standardised

What I get back is 2 bins not 10 ( see the attached picture).

drpog · ‎10-25-2017

Thanks for the reply - but while it is nice to see a workaround that will work in this particular instance I am really asking why in general the

bins=10

option returns ONLY 2 bins!

I imagine that the span workaround will work in fact in this case I can prob. dispense with the bins=10 alltogether and just use :

| bin standardised span=0.1

I assume the whole point of bins=10 is that I don't have to go through my data and calculate a suitable range span, that Splunk will work out automatically a suitable span range for me.

HiroshiSatoh · ‎10-25-2017

try this!

| bin standardised bins=10 span=0.1

HiroshiSatoh · ‎10-26-2017

It is not good if there is "0.0". Please workaround.

ex.
span=0.1
OR
|eval standardised=standardised+0.01

bins command returns too few bins

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!