Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Trendline period integer syntax queston (sma | ema | wma)

UMDTERPS
Communicator
‎10-23-2019 06:09 AM

I am looking through the documentation on Splunk about trendlines and sma | ema | wma. In the documentation, it says you must pick an integer between 2 and 1000:

https://docs.splunk.com/Documentation/Splunk/7.3.2/SearchReference/Trendline

| trendline sma2(muffins) as trend

The documentation doesn't say what the period means, but you have to pick a number between 2 and 1000. I assuming "2" is one day, "3" is two days???

0 Karma
Reply

to4kawa
Ultra Champion
‎10-23-2019 06:42 AM 
| makeresults count=100
| eval number = random() % 100 + 1
| streamstats count
| fields count number
| fields - _time
| trendline sma2(number) sma5(number) sma10(number)

Hi, As you can see from the results, period is not limited to time.

0 Karma
Reply

russell120
Communicator
‎10-23-2019 06:54 AM

@to4kawa Could you explain what period is?

0 Karma
Reply

to4kawa
Ultra Champion
‎10-23-2019 07:12 AM

Moving average

Period means

the previous n data

Reply

UMDTERPS
Communicator
‎10-23-2019 10:15 AM

Ahh, I see. The Splunk documentation needs to be more clear.

0 Karma
Reply

russell120
Communicator
‎10-23-2019 10:08 AM

Oh I understand, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...