General Description
Experimental Median Quartile Quantile includes commands to perform statistical analysis (median, quartile, and quantile) of events based on fields. All these commands take numerical field values as input.
Release Date: July 28, 2022
Download: Experimental Median Quartile Quantile v5.0.0.pak
SHA256: d424a848113cbb2ec1d7a578e59208fd6e35a6b91a85d9ac87c892688698c283
Enhancement
|
Description |
Issue ID |
Reference ID |
|---|---|---|
|
Experimental Median Quartile Quantile has been updated to comply with LogPoint v7.1.0. |
PLUG-8897 |
- |
Usage Information
Median:
This chart command allows you to calculate the statistical median from the provided field.
Syntax: | chart median(fieldname) as string
For example, "| chart median(doable_mps) as Median" command calculates the median for the values of field doable_mps from event logs and assigns the calculated value to the Median field.
Quartile:
This chart command allows you to calculate the statistical quartile from the provided field. This is helpful in understanding the normal profile for the particular field value.
Syntax: | chart quartile(fieldname) as string1, string2, string3.
Here, string1, string2, and string3 are optional fields. The default fields are Q1, Q2, and Q3.
For example, "| chart quartile(doable_mps)" command calculates the quartile for the values of doable_mps and assigns the calculated value to the Q1, Q2, and Q3 fields. This gives three values for dividing the entire range field doable_mps into four parts.
Quantile:
This process command performs dynamic enrichment to add a new field quantile. This new field includes values taken at regular intervals from the inverse of the cumulative distribution function (CDF) of an interesting field from event logs. This allows Security Analysts to find unique and rare logs.
Syntax: | process quantile(fieldname)
For example, "| process quantile(doable_mps)" command calculates the quantile for the values of doable_mps and assigns the calculated value to the quantile field.
Installation
To install Experimental Median Quartile Quantile:
- Download the .pak file provided above in Download.
-
Go to Settings >> System Settings >> Applications.
-
Click Import.
-
Browse to the downloaded .pak file.
-
Click Upload.
Release Details
|
Fields |
Details |
|---|---|
|
Name |
Experimental Median Quartile Quantile |
|
Version |
3.0.0 |
|
Supported On |
LogPoint v6.3.0 to v7.0.2 |
|
Release Date |
2018-07-30 |
| Document Date |
2018-07-30 |
| Download | |
| SHA256 |
09d90a97e9fe35d383dabe2f2c13a95b668dacfda133e39a06ce964257fab341 |
Usage Information
Median:
This chart command allows you to calculate the statistical median from the provided field.
Syntax: | chart median(fieldname) as string
For example, "| chart median(doable_mps) as Median" command calculates the median for the values of field doable_mps from event logs and assigns the calculated value to the Median field.
Quartile:
This chart command allows you to calculate the statistical quartile from the provided field. This is helpful in understanding the normal profile for the particular field value.
Syntax: | chart quartile(fieldname) as string1, string2, string3.
Here, string1, string2, and string3 are optional fields. The default fields are Q1, Q2, and Q3.
For example, "| chart quartile(doable_mps)" command calculates the quartile for the values of doable_mps and assigns the calculated value to the Q1, Q2 and Q3 fields. This gives three values for dividing entire range field doable_mps into four parts.
Quantile:
This process command performs dynamic enrichment to add new field ”quantile”. This new field includes values taken at regular intervals from the inverse of the cumulative distribution function (CDF) of an interesting field from event logs. This allows Security Analysts to find unique and rare logs.
Syntax: | process quantile(fieldname)
For example, "| process quantile(doable_mps)" command calculates the quantile for the values of doable_mps and assigns the calculated value to the quantile field.
Installation
Follow these steps to install the Experimental Median Quartile Quantile Plugin v3.0.0:
- Download the Experimental Median Quartile Quantile Plugin package provided above in the Download section.
- Install the package by importing the pak file to LogPoint under Settings >> System >> Applications.
Release Details
|
Fields |
Details |
|---|---|
|
Name |
Experimental Median Quartile Quantile |
|
Version |
3.0.0 |
|
Supported On |
LogPoint v6.0.0 to v6.2.0 |
|
Release Date |
2017-06-26 |
| Document Date |
2017-06-26 |
| Download | |
| SHA256 | 09d90a97e9fe35d383dabe2f2c13a95b668dacfda133e39a06ce964257fab341 |
Usage Information
Median:
This chart command allows you to calculate the statistical median from the provided field.
Syntax: | chart median(fieldname) as string
For example, "| chart median(doable_mps) as Median" command calculates the median for the values of field doable_mps from event logs and assigns the calculated value to the Median field.
Quartile:
This chart command allows you to calculate the statistical quartile from the provided field. This is helpful in understanding the normal profile for the particular field value.
Syntax: | chart quartile(fieldname) as string1, string2, string3.
Here, string1, string2, and string3 are optional fields. The default fields are Q1, Q2, and Q3.
For example, "| chart quartile(doable_mps)" command calculates the quartile for the values of doable_mps and assigns the calculated value to the Q1, Q2 and Q3 fields. This gives three values for dividing entire range field doable_mps into four parts.
Quantile:
This process command performs dynamic enrichment to add new field ”quantile”. This new field includes values taken at regular intervals from the inverse of the cumulative distribution function (CDF) of an interesting field from event logs. This allows Security Analysts to find unique and rare logs.
Syntax: | process quantile(fieldname)
For example, "| process quantile(doable_mps)" command calculates the quantile for the values of doable_mps and assigns the calculated value to the quantile field.
Installation
Follow these steps to install the Experimental Median Quartile Quantile Plugin v3.0.0:
- Download the Experimental Median Quartile Quantile Plugin package provided above in the Download section.
- Install the package by importing the pak file to LogPoint under Settings >> System >> Applications.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
Comments
Article is closed for comments.