I have numeric data.
I'd like to group the data.
It is easy to use 'Kmeans' command, but it cannot be necessarily k=3.
I want to set k automatically.
Or Is there any other good idea to group?
ex)
53,752
53,731
53,699
10,427
10,437
110,854
111,054
111,001
...
result)
53,752 | 1 |
53,731 | 1 |
53,699 | 1 |
10,427 | 2 |
10,437 | 2 |
110,854 | 3 |
111,054 | 3 |
111,001 | 3 |
..... |
kmeans has an option for setting a range of ks to attempt.
| kmeans k=3-12
Just feed it different data a few times and see what it does for you. Here's the reference.
https://docs.splunk.com/Documentation/Splunk/8.0.4/SearchReference/Kmeans