Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

kmeans

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10

kmeans

Synopsis

Performs k-means clustering on selected fields.

Syntax

kmeans [kmeans-options]* field-list

Arguments

kmeans-options
Syntax:
Description:

Description

Performs k-means clustering on select fields (or all numerical fields if empty). Events in the same cluster will be moved next to each other. Optionally the cluster number for each event is displayed.

Examples

Example 1: Group search results into 4 clusters based on the values of the "date_hour" and "date_minute" fields.

... | kmeans k=4 date_hour date_minuteSearch

Example 2: Group results into 2 clusters based on the values of all numerical fields.

... | kmeansSearch


See also

anomalies, anomalousvalue, cluster, outlier

Retrieved from "http://www.splunk.com/base/Documentation/4.0.10/SearchReference/Kmeans"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.