Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

bins command returns too few bins

drpog
New Member
‎10-25-2017 08:57 PM

Hi
I have a long list of measurements called standardised with values between 0.0 and 1.0 I was to display the distribution of the frequency these values in a histogram e.g.

Range Count
0.0 - 0.1 10
0.1 - 0.2 40

and so on. I run my command:

source="MessageTimes.csv" | bin standardised bins=10 | stats count by standardised

What I get back is 2 bins not 10 ( see the attached picture).

alt text

Preview file
43 KB
0 Karma
Reply

drpog
New Member
‎10-25-2017 11:51 PM

Thanks for the reply - but while it is nice to see a workaround that will work in this particular instance I am really asking why in general the

bins=10

option returns ONLY 2 bins!

I imagine that the span workaround will work in fact in this case I can prob. dispense with the bins=10 alltogether and just use :

| bin standardised span=0.1

I assume the whole point of bins=10 is that I don't have to go through my data and calculate a suitable range span, that Splunk will work out automatically a suitable span range for me.

0 Karma
Reply

HiroshiSatoh
Champion
‎10-25-2017 10:09 PM

try this!

| bin standardised bins=10 span=0.1

0 Karma
Reply

HiroshiSatoh
Champion
‎10-26-2017 01:27 AM

It is not good if there is "0.0". Please workaround.

ex.
span=0.1
OR
|eval standardised=standardised+0.01

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...