k-Means For Clustering in Splunk
Clustering of data is an excellent way of simplifying classifications. In Splunk we can create a Cluster Numeric Event as an experiment:
And create a new experiment:
In this case we will use the app_usage.csv for analysis:
This data contains the usage of a range of apps on a system for different days. In this case we analyse for CRM, CloudDrive, ERP, Expenses, and so on:
k-means clustering is used to separate n observations into k clusters:
Initially we will cluster for all the features:
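To make concrete what the k-means step does with these features, here is an added example (not from the original page, and not Splunk's implementation): Lloyd's algorithm in Python over daily counts for the four apps named above. The sample values, the farthest-first seeding and the function names are assumptions made for this illustration.

```python
# Added example: Lloyd's k-means over constructed daily app-usage counts.
# Column names follow the page; the values are constructed, not from app_usage.csv.
from math import dist

FIELDS = ["CRM", "CloudDrive", "ERP", "Expenses"]
ROWS = [  # constructed: five weekdays, two weekend days, one unusual day
    [640, 410, 820, 300],
    [655, 395, 790, 310],
    [620, 430, 805, 295],
    [648, 402, 815, 305],
    [630, 415, 800, 290],
    [60, 45, 30, 10],
    [55, 50, 25, 12],
    [650, 2900, 810, 300],  # CloudDrive usage far above the other days
]

def farthest_first(points, k):
    """Deterministic seeding: take points[0], then the point farthest from all seeds so far."""
    seeds = [points[0]]
    while len(seeds) < k:
        seeds.append(max(points, key=lambda p: min(dist(p, s) for s in seeds)))
    return [list(s) for s in seeds]

def kmeans(points, k, max_iter=100):
    """Return (labels, centroids) once the assignments stop changing."""
    centroids = farthest_first(points, k)
    labels = None
    for _ in range(max_iter):
        # Assignment step: each observation joins its nearest centroid.
        new_labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        if new_labels == labels:
            break
        labels = new_labels
        # Update step: each centroid moves to the mean of its members.
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an empty cluster keeps its previous centroid
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centroids

def inertia(points, labels, centroids):
    """Within-cluster sum of squared distances; lower means tighter clusters."""
    return sum(dist(p, centroids[lab]) ** 2 for p, lab in zip(points, labels))

if __name__ == "__main__":
    labels, centroids = kmeans(ROWS, k=3)
    for row, lab in zip(ROWS, labels):
        print(lab, dict(zip(FIELDS, row)))
    print("inertia:", round(inertia(ROWS, labels, centroids), 1))
```

With k=3 the weekdays, the weekend days and the unusual day each form their own cluster; comparing the inertia across several values of k is one way to choose how many clusters to ask for.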