k-Means For Clustering in Splunk

Clustering of data is an excellent way of simplifying classifications. In Splunk we can create a Cluster Numeric Event as an experiment:

And create a new experiment:

In this case we will use the app_usage.csv for analysis:

This data contains the usage of range of apps on a system for different days. In this case we analyse for CRM, CloudDrive, ERP, Expenses, and so on:

k-means clustering is used to seperate n observations into k clusters:

Initially we will cluster for all the features: