How to do stddev on both latitude and longitude?

Follow
Avatar
Sergey Aldoukhov

I would like to select for users that login from ip addresses that are far apart. The best idea that I have so far is to get the sum of stddev on both latitude and longitude grouped by username and get the top values. F.e like the query below:

_sourceCategory="user_logins"
| json auto
| lookup latitude, longitude from geo://location on ip=remote_address
| stddev(latitude, longitude) by username

But unfortunately, I can only stdev on 1 field, is there a way around?

0

Comments

1 comment

Sort by Date Votes
  • Official comment
    Avatar
    Dan Reichert

    Hi Sergey, 

    You can perform a multiple aggregates as such:

    _sourceCategory="user_logins"
    | json auto
    | lookup latitude, longitude from geo://location on ip=remote_address
    | stddev(latitude) as latitude, stddev(longitude) as longitude by username

    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post