Release Date: July 28, 2022

Download: Experimental Median Quartile Quantile v5.0.0.pak

SHA256:  d424a848113cbb2ec1d7a578e59208fd6e35a6b91a85d9ac87c892688698c283

Enhancement

Usage Information

Median:

This chart command allows you to calculate the statistical median from the provided field.

Syntax: | chart median(fieldname) as string

For example, "| chart median(doable_mps) as Median" command calculates the median for the values of field doable_mps from event logs and assigns the calculated value to the Median field. 

Quartile:

This chart command allows you to calculate the statistical quartile from the provided field. This is helpful in understanding the normal profile for the particular field value.

Syntax: | chart quartile(fieldname) as string1, string2, string3. 

Here, string1, string2, and string3 are optional fields. The default fields are Q1, Q2, and Q3.

For example, "| chart quartile(doable_mps)" command calculates the quartile for the values of doable_mps and assigns the calculated value to the Q1, Q2, and Q3 fields. This gives three values for dividing the entire range field doable_mps into four parts. 

Quantile:

This process command performs dynamic enrichment to add a new field quantile. This new field includes values taken at regular intervals from the inverse of the cumulative distribution function (CDF) of an interesting field from event logs. This allows Security Analysts to find unique and rare logs.

Syntax: | process quantile(fieldname)

For example, "| process quantile(doable_mps)" command calculates the quantile for the values of doable_mps and assigns the calculated value to the quantile field. 

Installation

To install Experimental Median Quartile Quantile:

1. Download the .pak file provided above in Download.

2. Go to Settings >> System Settings >> Applications.

3.  Click Import.

4.  Browse to the downloaded .pak file.

5. Click Upload.

Release Details

Usage Information

Median:

This chart command allows you to calculate the statistical median from the provided field.

Syntax: | chart median(fieldname) as string

For example, "| chart median(doable_mps) as Median" command calculates the median for the values of field doable_mps from event logs and assigns the calculated value to the Median field. 

Quartile:

This chart command allows you to calculate the statistical quartile from the provided field. This is helpful in understanding the normal profile for the particular field value.

Syntax: | chart quartile(fieldname) as string1, string2, string3. 

Here, string1, string2, and string3 are optional fields. The default fields are Q1, Q2, and Q3.

For example, "| chart quartile(doable_mps)" command calculates the quartile for the values of doable_mps and assigns the calculated value to the Q1, Q2 and Q3 fields. This gives three values for dividing entire range field doable_mps into four parts. 

Quantile:

This process command performs dynamic enrichment to add new field ”quantile”. This new field includes values taken at regular intervals from the inverse of the cumulative distribution function (CDF) of an interesting field from event logs. This allows Security Analysts to find unique and rare logs.

Syntax: | process quantile(fieldname)

For example, "| process quantile(doable_mps)" command calculates the quantile for the values of doable_mps and assigns the calculated value to the quantile field. 

Installation

Follow these steps to install the Experimental Median Quartile Quantile Plugin v3.0.0:

1. Download the Experimental Median Quartile Quantile Plugin package provided above in the Download section.
2. Install the package by importing the pak file to LogPoint under Settings >> System >> Applications.