Solved: Display Standard Deviation (stdev) Percentage

albyva · ‎09-18-2013

I'm looking to calculate the Standard Deviation percentage (stdev / mean) * 100
but I'm wondering how do I craft the (eval) and then display all the fields (stdev, mean, and percentage)?

index=generic
| stats mean(bps_out) stdev(bps_out) by router

Thanks,

rturk · ‎09-18-2013

Hi Albyva,

Give the following a try:

index=generic
| stats mean(bps_out) AS mean, stdev(bps_out) AS stdev BY router
| eval stdev_percentage=(mean/stdev)*100

Let me know how you go 🙂

RT

References:

Splunk Docs: stats
Splunk Docs: Functions for stats, chart, and timechart
Splunk Docs: eval

View solution in original post

rturk · ‎09-18-2013

Hi Albyva,

Give the following a try:

index=generic
| stats mean(bps_out) AS mean, stdev(bps_out) AS stdev BY router
| eval stdev_percentage=(mean/stdev)*100

Let me know how you go 🙂

RT

References:

Splunk Docs: stats
Splunk Docs: Functions for stats, chart, and timechart
Splunk Docs: eval

albyva · ‎09-18-2013

Thanks. That worked like a charm.

Display Standard Deviation (stdev) Percentage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Join the Conversation