Using stats - how to correlate a value to time of...

briang67 · ‎10-29-2010

Hello,

I have an app where I'm splunking a sales price of an item that fluctuates throughout the day. Is there a way using the stats command to correlate whether it's more likely for the price to be a certain value at a certain time of day? Like would the product sales price tend to be lower earlier rather than later in the day... Would the analyzefields function be used for this?

Thanks

sideview · ‎10-29-2010

I'd start with something like this:

<your search> | stats min(price) max(price) avg(price) by date_hour | sort date_hour

or maybe if there's also variation from products to products (Im making up a field called productCategory)

<your search> | chart avg(price) over date_hour by productCategory

gkanapathy · ‎10-29-2010

If that's what you're looking for, you should look for correlations between date_hour and price, perhaps using correlate or analyzefields.

briang67 · ‎10-29-2010

I've actually done something similar to both these approaches, but I'm looking for something more like "tell me that there's a correlation to a particular time of day, so I should run the timechart". I'm tracking multiple products so I want to spot the one that correlates better than others, or the ones that seem to have a lower price at specific times of the day. Something like show me the std deviation of the sales price across time slices. ie. Check the prices for the same item on subsequent days at 2PM, 3PM, 4PM, etc to find the lowest value.

Thank you

Using stats - how to correlate a value to time of day?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms