Splunk Search

How do I show fastest growing products?

nimmos
Engager

Hello,

I have a shop that sells different kinds of products. Usually I have a search to show me the top 10 products sold in the last 24 hours, but some of the products in that list are all-time best-sellers and not so interesting to see (as I already know about those).

How do I get a list of top sold products that, let's say, are trending today (24 hours), but are not global trenders?

Example:

Today the top 10 sold products are:
1-milk*
2-beer*
3-tuna*
4-beef
5-cheese*
6-coffee*
7-bread
8-chicken
9-eggs
10-cereals*

Of those, the starred ones (*) 1, 2, 3, 5, 6, 10 are all-time sellers, so I would be more interested in showing only the not starred ones, which are trending today only:
-beef
-bread
-chicken
-eggs

My idea is to get the top 10 for the last 7 days, and then diff it with the top 10 of the last 24 hours, but I'm not sure if this is a good approach for what I want to accomplish, or what time range to pick to find the all-time sellers.

The general idea is to show only the newcomers to this list of top 10 sold products. Or in other words, the products that are growing faster over a period of time.

Any suggestion?

Thanks a lot!

0 Karma

somesoni2
Revered Legend

Try something like this

Your base search earliest=-14d@d latest=@d
    [search your base search earliest=@d latest=now | top 10 product showperc=f | table product]
| bucket span=1d _time
| stats count by product _time
| stats avg(count) as "Last2Weeks" by product
| append
    [search your base search earliest=@d latest=now | top 10 product showperc=f | rename count as "Today"]
| stats values(*) as * by product
| where Today > 1.25*Last2Weeks

Basically, get the top 10 products today, find the average daily count for them in the last 2 weeks, and compare them with today's count. My example threshold is 1.25 times (configure yours). The all-time best sellers will not show much deviation from the average, so I'm using that assumption as the basis for this.

0 Karma
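The same "newcomer" filter as the SPL above, re-implemented in Python as an added example (this is not the poster's query and not code from the thread). It buckets a constructed sales log by calendar day, takes today's top products, and keeps only those whose count today exceeds 1.25 times their average daily count over the previous 14 days. The product names, sales counts, the function names (build_sample_records, trending_products) and the date are all made up for the example. One deliberate difference from the SPL: the average here is taken over the full 14-day window, so a day with no sales counts as zero and a product with no history at all gets a baseline of 0 and always qualifies; the SPL's avg(count) only sees the days on which the product actually sold.

```python
from collections import Counter, defaultdict
from datetime import datetime, date, timedelta

BASELINE_DAYS = 14   # mirrors earliest=-14d@d latest=@d
THRESHOLD = 1.25     # mirrors "where Today > 1.25*Last2Weeks"
TODAY = date(2024, 5, 15)  # constructed reference day


def build_sample_records(today):
    """Constructed sales log: a list of (timestamp, product) events covering
    fourteen baseline days plus 'today'. Not real shop data."""
    records = []

    def add(day, product, n):
        ts = datetime.combine(day, datetime.min.time())
        records.extend([(ts, product)] * n)

    for d in range(1, BASELINE_DAYS + 1):
        day = today - timedelta(days=d)
        add(day, "milk", 10)      # all-time seller, steady
        add(day, "beer", 8)       # all-time seller, steady
        add(day, "beef", 2)       # normally slow
        add(day, "chicken", 3)    # steady, not growing
        if d > 7:
            add(day, "eggs", 1)   # sold only in the older half of the window
    # today's sales: bread has no history at all
    for product, n in (("milk", 11), ("beer", 9), ("beef", 8),
                       ("bread", 7), ("eggs", 6), ("chicken", 3)):
        add(today, product, n)
    return records


def daily_counts(records):
    """Count events per (product, calendar day).
    Mirrors `bucket span=1d _time | stats count by product _time`."""
    counts = Counter()
    for ts, product in records:
        counts[(product, ts.date())] += 1
    return counts


def trending_products(records, today, baseline_days=BASELINE_DAYS,
                      threshold=THRESHOLD, top_n=10):
    """Return [(product, today_count, baseline_avg)] for today's top products
    whose count today exceeds threshold * their average daily count over the
    baseline window. Ordered by today's count, highest first."""
    counts = daily_counts(records)
    baseline_start = today - timedelta(days=baseline_days)
    today_counts = Counter()
    history = defaultdict(int)   # product -> total sold in the baseline window
    for (product, day), n in counts.items():
        if day == today:
            today_counts[product] = n
        elif baseline_start <= day < today:
            history[product] += n

    result = []
    for product, n_today in today_counts.most_common(top_n):
        # Average over every day of the window, so missing days count as zero
        # and a product with no history has a baseline of 0.
        avg = history[product] / baseline_days
        if n_today > threshold * avg:
            result.append((product, n_today, round(avg, 2)))
    return result


if __name__ == "__main__":
    for product, n_today, avg in trending_products(build_sample_records(TODAY), TODAY):
        print(f"{product:8s} today={n_today:3d} baseline_avg={avg:.2f}")
```

With the constructed data, milk and beer sell only slightly above their steady baseline and drop out, chicken is flat and drops out, while beef, bread and eggs remain as the day's newcomers. Raising THRESHOLD makes the filter stricter; lowering baseline_days makes it react faster to recent shifts but lets short-lived spikes through.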

lpolo
Motivator

Can you provide a log sample, so a query could be devised?
Thanks,
Lp

0 Karma