Splunk Search

Using stats - how to correlate a value to time of day?

briang67
Communicator

Hello,

I have an app where I'm splunking a sales price of an item that fluctuates throughout the day. Is there a way using the stats command to correlate whether it's more likely for the price to be a certain value at a certain time of day? Like would the product sales price tend to be lower earlier rather than later in the day... Would the analyzefields function be used for this?

Thanks

Tags (1)
0 Karma

sideview
SplunkTrust
SplunkTrust

I'd start with something like this:

<your search> | stats min(price) max(price) avg(price) by date_hour | sort date_hour

or maybe if there's also variation from products to products (Im making up a field called productCategory)

<your search> | chart avg(price) over date_hour by productCategory 

gkanapathy
Splunk Employee
Splunk Employee

If that's what you're looking for, you should look for correlations between date_hour and price, perhaps using correlate or analyzefields.

0 Karma

briang67
Communicator

I've actually done something similar to both these approaches, but I'm looking for something more like "tell me that there's a correlation to a particular time of day, so I should run the timechart". I'm tracking multiple products so I want to spot the one that correlates better than others, or the ones that seem to have a lower price at specific times of the day. Something like show me the std deviation of the sales price across time slices. ie. Check the prices for the same item on subsequent days at 2PM, 3PM, 4PM, etc to find the lowest value.

Thank you

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...