×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
duncan
Observer
Member since: ‎12-14-2022
‎02-14-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎12-14-2022
View All

How to get standard deviation of daily maximum ove...

by in Splunk Search
‎12-15-2022 02:59 AM
‎12-15-2022 02:59 AM
Gudde Muergen! I'm quite new to Splunk, so I'm having difficulties figuring out how to do this search properly. Here's a small snippet of events: mc1_date mc1_time mc1_system mc1_catalog mc1_adds mc1_updates mc1_gets mc1_getupd mc1_deletes 15.12.2022 08:05:05 SYSS1 CATALOG.MASTER.SYSS1 0 0 5081 0 0 14.12.2022 08:05:16 SYSS1 CATALOG.MASTER.SYSS1 0 0 5012 0 0 13.12.2022 10:05:12 SYSS1 CATALOG.MASTER.SYSS1 0 0 6719 0 0 12.12.2022 08:05:12 SYSS1 CATALOG.MASTER.SYSS1 0 0 5051 0 0 11.12.2022 08:05:03 SYSS1 CATALOG.MASTER.SYSS1 0 0 5008 0 0 10.12.2022 08:05:08 SYSS1 CATALOG.MASTER.SYSS1 0 0 5012 0 0 09.12.2022 14:05:16 SYSS1 CATALOG.MASTER.SYSS1 0 0 11387 0 0   The table above contains the max daily mc1_gets values for CATALOG.MASTER.SYSS1 on SYSS1 from the last 7 days. The whole sourcetype contains hourly data with multiple systems and multiple catalogs per system. What I need is a way to get, per catalog, per system, the standard deviation of the daily max values of mc1_gets over a span of 7 days (or more). The output data for the table above should look something like this in the end: mc1_system mc1_catalog mc1_gets SYSS1 CATALOG.MASTER.SYSS1 2380.05   Any help would be much appreciated! Mat beschte Gréiss, Duncan Hagen ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-14-2024 03:44 AM