Finds the standard deviation value for a distribution of numerical values within the time range analyzed and associated with a group designated by the "group by" field.
- Creates field named
You can use the query below to view the standard deviation of time delay, along with the average of time delay, max delay, and the min delay for a Source. You can use this query to troubleshoot large message time and receipt time discrepancies.
| abs(_receipttime - _messagetime) as delt
| delt/1000/60 as delt
| min(delt), max(delt), avg(delt), stddev(delt), count(*) by _collector, _sourcename