Answers for "Descriptive Statistics from Splunk"
https://answers.splunk.com/answers/24291/descriptive-statistics-from-splunk.html
The latest answers for the question "Descriptive Statistics from Splunk"Answer by sideview
https://answers.splunk.com/answering/24292/view.html
Making strong inferences like that about standard deviation only works when the data set follows the normal distribution. In cases like this where the data really doesnt follow a normal distribution at all, standard deviation becomes little more than a heuristic.
UPDATE:
if you want to look at the distribution yourself you can to to the 'Advanced Charting' view and run this search:
<your search> bytes=* | chart count over bytes bins=300
There are probably a significant number of outliers at a very high number of bytes, and that's what's skewing your distribution. On my system I have to throw in a term that says `bytes<200000000` because I have enough outliers at the crazy-high end to completely throw off the chart.
at any rate, unless the chart literally looks like the curve of normal distribution, ( http://www.google.com/search?q=normal+distribution&hl=en&rlz=1C1CHFX_enUS396US396&prmd=ivns&tbm=isch&tbo=u&source=univ&sa=X&ei=RZLMTeOeEI66sAP_79XiCA&ved=0CDQQsAQ&biw=1094&bih=990 ) then those probabilistic statements about standard deviation will not be 'true'. When applied outside of normally distributed data, actually quite a lot of common statistics lose their meaning.Thu, 12 May 2011 21:37:47 GMTsideview