Search Reference

 


kmeans

This documentation does not apply to the most recent version of Splunk.


Synopsis

Performs k-means clustering on selected fields.

Syntax

kmeans [kmeans-options]* field-list

Arguments

kmeans-options
Syntax:
Description:

Description

Performs k-means clustering on the selected fields (or on all numerical fields if the field list is empty). Events in the same cluster are moved next to each other. Optionally, the cluster number for each event is displayed.

Examples

Example 1: Group search results into 4 clusters based on the values of the "date_hour" and "date_minute" fields.

... | kmeans k=4 date_hour date_minute

Example 2: Group results into 2 clusters based on the values of all numerical fields.

... | kmeans
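The following Python sketch is an added illustration of the behavior described above and is not Splunk's implementation: it clusters constructed events on "date_hour" and "date_minute" with k=4, then on all numerical fields with k=2, and returns the events grouped by cluster. Euclidean distance, farthest-point seeding, and the output field name `cluster` are assumptions made for this example.

```python
import math

# Constructed sample events; "user" is non-numeric and is ignored by clustering.
TIMES = [(2, 5), (9, 30), (22, 5), (14, 55), (2, 10),
         (9, 35), (23, 8), (15, 58), (3, 8), (10, 32)]
EVENTS = [{"user": f"u{i}", "date_hour": h, "date_minute": m}
          for i, (h, m) in enumerate(TIMES)]

def numeric_fields(events):
    """Fields that hold a number in every event (used when field-list is empty)."""
    return sorted(f for f in events[0]
                  if all(isinstance(e.get(f), (int, float)) for e in events))

def kmeans(events, k=2, fields=None, max_iters=100):
    """Return events tagged with a 1-based 'cluster' number, grouped by cluster."""
    fields = list(fields) if fields else numeric_fields(events)
    points = [tuple(float(e[f]) for f in fields) for e in events]
    # Assumption: deterministic farthest-point seeding so the result is repeatable.
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    labels = None
    for _ in range(max_iters):
        nearest = [min(range(k), key=lambda i: math.dist(p, centroids[i])) for p in points]
        if nearest == labels:  # assignments stable: converged
            break
        labels = nearest
        for i in range(k):
            members = [p for p, l in zip(points, labels) if l == i]
            if members:  # an empty cluster keeps its previous centroid
                centroids[i] = tuple(sum(col) / len(members) for col in zip(*members))
    # 'cluster' is a hypothetical field name chosen for this example.
    tagged = [dict(e, cluster=l + 1) for e, l in zip(events, labels)]
    return sorted(tagged, key=lambda e: e["cluster"])  # stable sort keeps event order per cluster

def users_by_cluster(results):
    """Map each cluster number to the users of its events, in result order."""
    groups = {}
    for e in results:
        groups.setdefault(e["cluster"], []).append(e["user"])
    return groups

if __name__ == "__main__":
    print(users_by_cluster(kmeans(EVENTS, k=4, fields=["date_hour", "date_minute"])))
    print(users_by_cluster(kmeans(EVENTS)))  # k=2 over all numerical fields
```

In the k=2 run of this sketch, the 02:xx and 22:xx events end up in the same cluster because the unscaled "date_minute" range (0-59) outweighs "date_hour" (0-23) in the distance calculation.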


See also

anomalies, anomalousvalue, cluster, outlier

This documentation applies to the following versions of Splunk: 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11

