stdev
This page explains how to use the stdev aggregation function in APL.
The stdev aggregation in APL computes the standard deviation of a numeric field within a dataset. This is useful for understanding the variability or dispersion of data points around the mean. You can apply this aggregation to various use cases, such as performance monitoring, anomaly detection, and statistical analysis of logs and traces.
Use the stdev function to determine how spread out values like request duration, span duration, or response times are. This is particularly helpful when analyzing data trends and identifying inconsistencies, outliers, or abnormal behavior.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk SPL, the stdev aggregation function works similarly but has a different syntax. While SPL uses the stdev command within the stats function, APL users will find the aggregation works similarly in APL with just minor differences in syntax.
ANSI SQL users
ANSI SQL users
In ANSI SQL, the standard deviation is computed using the STDDEV function. APL’s stdev function is the direct equivalent of SQL’s STDDEV, although APL uses pipes (|) for chaining operations and different keyword formatting.
Usage
Syntax
Parameters
numeric_field: The field containing numeric values for which the standard deviation is calculated.
Returns
The stdev aggregation returns a single numeric value representing the standard deviation of the specified numeric field in the dataset.
Use case examples
You can use the stdev aggregation to analyze HTTP request durations and identify performance variations across different requests. For instance, you can calculate the standard deviation of request durations to identify potential anomalies.
Query
Output
| req_duration_std |
|---|
| 345.67 |
This query calculates the standard deviation of the req_duration_ms field in the sample-http-logs dataset, helping to understand how much variability there is in request durations.
You can use the stdev aggregation to analyze HTTP request durations and identify performance variations across different requests. For instance, you can calculate the standard deviation of request durations to identify potential anomalies.
Query
Output
| req_duration_std |
|---|
| 345.67 |
This query calculates the standard deviation of the req_duration_ms field in the sample-http-logs dataset, helping to understand how much variability there is in request durations.
In distributed tracing, calculating the standard deviation of span durations can help identify inconsistent spans that might indicate performance issues or bottlenecks.
Query
Output
| span_duration_std |
|---|
| 0:00:02.456 |
This query computes the standard deviation of span durations in the otel-demo-traces dataset, providing insight into how much variation exists between trace spans.
In security logs, the stdev function can help analyze the response times of various HTTP requests, potentially identifying patterns that might be related to security incidents or abnormal behavior.
Query
Output
| status | resp_time_std |
|---|---|
| 200 | 123.45 |
| 500 | 567.89 |
This query calculates the standard deviation of request durations grouped by the HTTP status code, providing insight into the performance of different status codes.
List of related aggregations
- avg: Calculates the average value of a numeric field. Use
avgto understand the central tendency of the data. - min: Returns the smallest value in a numeric field. Use
minwhen you need to find the minimum value. - max: Returns the largest value in a numeric field. Use
maxto identify the peak value in a dataset. - sum: Adds up all the values in a numeric field. Use
sumto get a total across records. - count: Returns the number of records in a dataset. Use
countwhen you need the number of occurrences or entries.
stdev
This page explains how to use the stdev aggregation function in APL.
The stdev aggregation in APL computes the standard deviation of a numeric field within a dataset. This is useful for understanding the variability or dispersion of data points around the mean. You can apply this aggregation to various use cases, such as performance monitoring, anomaly detection, and statistical analysis of logs and traces.
Use the stdev function to determine how spread out values like request duration, span duration, or response times are. This is particularly helpful when analyzing data trends and identifying inconsistencies, outliers, or abnormal behavior.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk SPL, the stdev aggregation function works similarly but has a different syntax. While SPL uses the stdev command within the stats function, APL users will find the aggregation works similarly in APL with just minor differences in syntax.
ANSI SQL users
ANSI SQL users
In ANSI SQL, the standard deviation is computed using the STDDEV function. APL’s stdev function is the direct equivalent of SQL’s STDDEV, although APL uses pipes (|) for chaining operations and different keyword formatting.
Usage
Syntax
Parameters
numeric_field: The field containing numeric values for which the standard deviation is calculated.
Returns
The stdev aggregation returns a single numeric value representing the standard deviation of the specified numeric field in the dataset.
Use case examples
You can use the stdev aggregation to analyze HTTP request durations and identify performance variations across different requests. For instance, you can calculate the standard deviation of request durations to identify potential anomalies.
Query
Output
| req_duration_std |
|---|
| 345.67 |
This query calculates the standard deviation of the req_duration_ms field in the sample-http-logs dataset, helping to understand how much variability there is in request durations.
You can use the stdev aggregation to analyze HTTP request durations and identify performance variations across different requests. For instance, you can calculate the standard deviation of request durations to identify potential anomalies.
Query
Output
| req_duration_std |
|---|
| 345.67 |
This query calculates the standard deviation of the req_duration_ms field in the sample-http-logs dataset, helping to understand how much variability there is in request durations.
In distributed tracing, calculating the standard deviation of span durations can help identify inconsistent spans that might indicate performance issues or bottlenecks.
Query
Output
| span_duration_std |
|---|
| 0:00:02.456 |
This query computes the standard deviation of span durations in the otel-demo-traces dataset, providing insight into how much variation exists between trace spans.
In security logs, the stdev function can help analyze the response times of various HTTP requests, potentially identifying patterns that might be related to security incidents or abnormal behavior.
Query
Output
| status | resp_time_std |
|---|---|
| 200 | 123.45 |
| 500 | 567.89 |
This query calculates the standard deviation of request durations grouped by the HTTP status code, providing insight into the performance of different status codes.
List of related aggregations
- avg: Calculates the average value of a numeric field. Use
avgto understand the central tendency of the data. - min: Returns the smallest value in a numeric field. Use
minwhen you need to find the minimum value. - max: Returns the largest value in a numeric field. Use
maxto identify the peak value in a dataset. - sum: Adds up all the values in a numeric field. Use
sumto get a total across records. - count: Returns the number of records in a dataset. Use
countwhen you need the number of occurrences or entries.