standard deviation by hour for last business week ...

Splunk Search

I need help with framing a query which gives me the standard deviation of 5 values (for last business week) and compare the same with today's traffic for the same hour and trigger an alert if the difference is more than x%

All i could get was the values for the same hour ever business day last week using simple chart command and I couldn't go past that.

index=ABC sourcetype=DEF uri="/sample/event/test" earliest=-6d@w1 AND latest=-1d@w6 date_hour>5 date_hour<=18 | chart limit=100 span=1h dc(unique_id) over date_hour by date_mday

Result

date_hour   19  20   21 22  23
  7        60366  61630  62768 62533 64369

I need data in this below format or at least the 3 values I am looking for

StdDev(Last business week between 8 am - 9 am ET)    Current_Hour's_Traffic       DIfference_In_%
             500                                           450                        10

Thanks a lot.

Get Updates on the Splunk Community!

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...