Splunk Search

standard deviation by hour for last business week and compare it with today's numbers for the same hour

edookati
Path Finder

I need help framing a query that gives me the standard deviation of 5 values (for the last business week), compares it with today's traffic for the same hour, and triggers an alert if the difference is more than x%.

All I could get were the values for the same hour for every business day last week, using a simple chart command, and I couldn't go past that.

index=ABC sourcetype=DEF uri="/sample/event/test" earliest=-6d@w1 AND latest=-1d@w6 date_hour>5 date_hour<=18 | chart limit=100 span=1h dc(unique_id) over date_hour by date_mday

Result

date_hour     19      20      21      22      23
7          60366   61630   62768   62533   64369

I need data in the format below, or at least the 3 values I am looking for:

StdDev(Last business week between 8 am - 9 am ET)    Current_Hour's_Traffic    Difference_In_%
                     500                                       450                    10

Thanks a lot.
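As an added example (not from the poster), one way to get all of this from a single search: it keeps only events from the current hour of day, splits them into last week's business days (baseline) and today (current), takes dc(unique_id) per day, and then computes the baseline's average and standard deviation, today's count, and the percentage difference. It assumes the same index, sourcetype, uri and unique_id fields as the original search, a threshold x of 10%, and that the percentage is taken against the baseline average (the stdev is reported alongside, together with how many stdevs today's count is away from the average); hours come from _time in the searching user's timezone.

```spl
index=ABC sourcetype=DEF uri="/sample/event/test" earliest=-6d@w1 latest=now date_hour>5 date_hour<=18
| eval hour=tonumber(strftime(_time, "%H")), cur_hour=tonumber(strftime(now(), "%H"))
| where hour=cur_hour
| eval day=strftime(_time, "%Y-%m-%d"), today=strftime(now(), "%Y-%m-%d")
| eval period=case(_time<relative_time(now(), "-1d@w6"), "baseline", day=today, "current")
| where isnotnull(period)
| stats dc(unique_id) AS hits BY period day
| stats avg(eval(if(period="baseline", hits, null()))) AS baseline_avg
        stdev(eval(if(period="baseline", hits, null()))) AS baseline_stdev
        max(eval(if(period="current", hits, null()))) AS current_hits
| eval baseline_avg=round(baseline_avg, 0), baseline_stdev=round(baseline_stdev, 2)
| eval diff_pct=round(abs(current_hits-baseline_avg)/baseline_avg*100, 2)
| eval sigma=if(baseline_stdev>0, round(abs(current_hits-baseline_avg)/baseline_stdev, 2), null())
| table baseline_avg baseline_stdev current_hits diff_pct sigma
| where diff_pct > 10
```

Because the current hour is still in progress when the search runs, schedule the alert near the end of the hour, or shift both the hour filter and today's window back by one hour so a complete hour is compared against complete hours.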
