standard deviation by hour for last business week ...

Splunk Search

I need help with framing a query which gives me the standard deviation of 5 values (for last business week) and compare the same with today's traffic for the same hour and trigger an alert if the difference is more than x%

All i could get was the values for the same hour ever business day last week using simple chart command and I couldn't go past that.

index=ABC sourcetype=DEF uri="/sample/event/test" earliest=-6d@w1 AND latest=-1d@w6 date_hour>5 date_hour<=18 | chart limit=100 span=1h dc(unique_id) over date_hour by date_mday

Result

date_hour   19  20   21 22  23
  7        60366  61630  62768 62533 64369

I need data in this below format or at least the 3 values I am looking for

StdDev(Last business week between 8 am - 9 am ET)    Current_Hour's_Traffic       DIfference_In_%
             500                                           450                        10

Thanks a lot.

Get Updates on the Splunk Community!

3 Ways to Make OpenTelemetry Even Better

My role as an Observability Specialist at Splunk provides me with the opportunity to work with customers of ...

What's New in Splunk Cloud Platform 9.2.2406?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2406 with many ...

Enterprise Security Content Update (ESCU) | New Releases

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...