Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Relevance of Ratings Based on Different Weights by ID

RKB1923
Engager
‎10-09-2012 09:41 AM

Hi, beginner here having problems trying to write a query.

In my data, I have an event that records when an app is rated (the event records id and rating from one to five stars). I want to weigh the ratings like so:

5-star or 1-star = important (2 point)
4-star or 2-star = semi_important (1.5 points)
3-star = not_important (1 points)

I'm weighing the star-ratings unequally as I believe those who are extremely satisfied/dissatisfied will tend to be more vocal and those having average experiences will not be. I want the query to return the apps that need the most attention, good or bad.

Based on those points, I'd like to create a relevance score:
relevance = important + semi_important + not_important

I'd like to return a table with the following columns:
id, rating, average_rating, relevance

I can get the first three columns with the following, but don't know how to get my relevance score:

evt_name="RateApplet" | stats count("evt_name") as times_rated avg("rating") as average_rating by applet_id

Thank you for any guidance anyone can give me (or any suggestions to improve).

Tags (1)
Reply

yannK
Splunk Employee
Splunk Employee
‎10-09-2012 05:15 PM

for each app, do a count by rating.

evt_name="RateApplet" | stats count("evt_name") by applet_id rating

it will return something like
applet_id | rating | count

Then you can use an nice eval function to calculate your weight (or define a macro)

| eval rating_weight=case(rating=3 OR rating=4,1.5, rating=5 OR rating=1,2,1=1,0)
| eval weight=count*rating_weight

And finally do another stat to sum the weight per app.

| stats sum(weight) by applet_id

the total search looks like,

evt_name="RateApplet" | stats count("evt_name") by applet_id rating
| eval rating_weight=case(rating=3 OR rating=4,1.5, rating=5 OR rating=1,2,1=1,0)
| eval weight=count*rating_weight
| stats sum(weight) by applet_id

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...