
Splunk : No Regrets Using Autoregress

10/13/2021 | 12:32pm EST
By Tom Smit October 13, 2021

This blog post is part forty-two of the "Hunting with Splunk: The Basics" series, which takes a single Splunk search command or hunting concept and breaks it down to its basic parts.

If you're like me, you've occasionally found yourself staring at the Splunk search bar trying to decide how best to analyze a series of data, iterating against one or more fields.

If your brain gravitates towards traditional programming syntax, the first thing that pops into your mind may be the application of a for or while loop (neither of which follows Turing convention in SPL). With commands like stats, streamstats, eventstats, or foreach at your disposal, which one should a hunter use?

Well, it depends on the data and the required outcome. For example, let's say we want to calculate the total distance travelled by a salesperson or an escaped toad. The data may contain waypoint information that requires iterative calculation, such as latitude and longitude (or, in some cases, this enrichment may be extracted from the source data, such as with the iplocation command).

Enter autoregress. Sounds fancy. But here's the thing: the autoregress command is used to calculate a moving average. Here is a link to the Splunk docs description of the autoregress command. Go ahead and check it out, we'll wait.

Finished? Awesome. Let's talk about practical applications.

Because the autoregress command is a centralized streaming command, it applies a transformation to each event returned by a search and only works on the search head.

You might be saying to yourself, "Self, I've never heard of this command before." Well, you're not alone. It's not new, but not particularly well known. Kyle Smith of Aplura, LLC, included autoregress in his .conf2016 talk, "Lesser Known Search Commands". Unlike iterative commands, such as map or foreach, the autoregress command is a statistical command (in the same family as the widely used stats and tstats commands).

Kyle expands on the definition as "a Moving Average is a succession of averages calculated from successive events (typically of constant size and overlapping) of a series of values" and notes the following:

  • Allows advanced statistical calculations based on previous values
  • Moving Averages of numerical fields
  • Network bandwidth trending - kbps, latency, duration of connections
  • Web Analytics Trending - number of visits, duration of visits, average download size
  • Malicious Traffic Trending - excessive connection failures
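
The "excessive connection failures" case from the list above, as an added example that is not part of the original post. autoregress with `p=1-3` copies the three previous values of `failures` into each event as `failures_p1` to `failures_p3`; the moving average itself is then computed with eval. The per-minute counts, the `sample` label and the 3x threshold are constructed for illustration.

```spl
| makeresults count=8
| streamstats count AS minute
| eval sample="constructed per-minute failure counts"
| eval failures=case(minute=1,4, minute=2,6, minute=3,5, minute=4,5, minute=5,7, minute=6,6, minute=7,48, minute=8,52)
| autoregress failures p=1-3
| eval baseline=round((failures_p1 + failures_p2 + failures_p3)/3, 1)
| eval spike=if(isnotnull(baseline) AND failures > 3*baseline, "yes", "no")
| table minute failures failures_p1 failures_p2 failures_p3 baseline spike
```

The first three events have no complete window, so `baseline` is null there and the `isnotnull()` guard keeps them from being flagged. Once a spike enters the window it raises the baseline for the following events, which is worth remembering when choosing the window size and threshold.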

Let's say we're planning a road trip to visit some of the top craft breweries in the Mid-Atlantic United States, and have fed that data into Splunk. We want to compute the distance between waypoints and the total distance we're traveling (so we know how much fuel to put into our personal jetpack). We apply autoregress to both latitude and longitude in order to iterate through the waypoints, then perform any further applicable calculations, such as `globedistance()` or streamstats.

Once you've pulled the relevant fields, your command may look something like this:

… | autoregress lat as prev_lat
| autoregress lon as prev_lon
| `globedistance(lat,lon,prev_lat,prev_lon,units)`
| streamstats sum(distance) AS totaldistance


Here's an example:

As shown above, the autoregress command may help you gather the information where commands like stats, streamstats, eventstats, or foreach alone aren't necessarily suitable. If you're like me, you should have no regrets adding the autoregress command to your SPL utility belt.
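
A self-contained version of the waypoint search, as an added example that is not part of the original post. It assumes the `globedistance` macro is not installed and computes the great-circle (haversine) distance in kilometres with eval instead; the four waypoints and the `sample` label are constructed.

```spl
| makeresults count=4
| streamstats count AS stop
| eval sample="constructed waypoints"
| eval lat=case(stop=1,38.9072, stop=2,39.2904, stop=3,39.9526, stop=4,40.7128)
| eval lon=case(stop=1,-77.0369, stop=2,-76.6122, stop=3,-75.1652, stop=4,-74.0060)
| autoregress lat AS prev_lat
| autoregress lon AS prev_lon
| eval rad=pi()/180
| eval a=pow(sin((lat-prev_lat)*rad/2),2) + cos(prev_lat*rad)*cos(lat*rad)*pow(sin((lon-prev_lon)*rad/2),2)
| eval distance=if(isnull(prev_lat), 0, round(2*6371*asin(sqrt(a)),1))
| streamstats sum(distance) AS totaldistance
| table stop lat lon prev_lat prev_lon distance totaldistance
```

The first event has no predecessor, so `prev_lat` and `prev_lon` are null; the `isnull()` guard sets that leg to 0 so the running total starts cleanly.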

We invite you to join us for the Sixth Annual Boss of the SOC premiering at .conf21, where you'll have the chance to buckle up and flex your Splunk super powers.

Happy hunting!

Follow all the conversations coming out of #splunkconf21!


Disclaimer

Splunk Inc. published this content on 13 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 October 2021 16:31:13 UTC.


© Publicnow 2021