Splunk Search
Highlighted

Using stats - how to correlate a value to time of day?

Communicator

Hello,

I have an app where I'm splunking a sales price of an item that fluctuates throughout the day. Is there a way using the stats command to correlate whether it's more likely for the price to be a certain value at a certain time of day? Like would the product sales price tend to be lower earlier rather than later in the day... Would the analyzefields function be used for this?

Thanks

Tags (1)
0 Karma
Highlighted

Re: Using stats - how to correlate a value to time of day?

SplunkTrust
SplunkTrust

I'd start with something like this:

<your search> | stats min(price) max(price) avg(price) by date_hour | sort date_hour

or maybe if there's also variation from products to products (Im making up a field called productCategory)

<your search> | chart avg(price) over date_hour by productCategory 
Highlighted

Re: Using stats - how to correlate a value to time of day?

Communicator

I've actually done something similar to both these approaches, but I'm looking for something more like "tell me that there's a correlation to a particular time of day, so I should run the timechart". I'm tracking multiple products so I want to spot the one that correlates better than others, or the ones that seem to have a lower price at specific times of the day. Something like show me the std deviation of the sales price across time slices. ie. Check the prices for the same item on subsequent days at 2PM, 3PM, 4PM, etc to find the lowest value.

Thank you

0 Karma
Highlighted

Re: Using stats - how to correlate a value to time of day?

Splunk Employee
Splunk Employee

If that's what you're looking for, you should look for correlations between date_hour and price, perhaps using correlate or analyzefields.

0 Karma