Descriptive Statistics from Splunk
Answer by sideview
Making strong inferences like that about standard deviation only works when the data set follows the normal distribution. In cases like this where the data really doesnt follow a normal distribution at all, standard deviation becomes little more than a heuristic.
UPDATE:
if you want to look at the distribution yourself you can to to the 'Advanced Charting' view and run this search:
<your search> bytes=* | chart count over bytes bins=300
There are probably a significant number of outliers at a very high number of bytes, and that's what's skewing your distribution. On my system I have to throw in a term that says `bytes<200000000` because I have enough outliers at the crazy-high end to completely throw off the chart.
at any rate, unless the chart literally looks like the curve of normal distribution, ( http://www.google.com/search?q=normal+distribution&hl=en&rlz=1C1CHFX_enUS396US396&prmd=ivns&tbm=isch&tbo=u&source=univ&sa=X&ei=RZLMTeOeEI66sAP_79XiCA&ved=0CDQQsAQ&biw=1094&bih=990 ) then those probabilistic statements about standard deviation will not be 'true'. When applied outside of normally distributed data, actually quite a lot of common statistics lose their meaning.Thu, 12 May 2011 21:37:47 GMTsideview