Stay organized with collections
Save and categorize content based on your preferences.
stddev
stddev(numericExpression)
Description
The stddev function returns the standard deviation over all the possible
values.
Param data types
NUMBER
Return type
NUMBER
Code Samples
Example
Find all the events where target.ip is not empty. For all the events that
match on principal.ip, store the standard deviation of
metadata.event_timestamp.seconds in a variable called stddev_seconds.
target.ip != ""
match:
principal.ip
outcome:
$stddev_seconds = stddev(metadata.event_timestamp.seconds)
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-14 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-14 UTC."],[[["\u003cp\u003eThe \u003ccode\u003estddev\u003c/code\u003e function calculates the standard deviation across a set of numeric values.\u003c/p\u003e\n"],["\u003cp\u003eIt accepts a \u003ccode\u003eNUMBER\u003c/code\u003e data type as input, represented by the \u003ccode\u003enumericExpression\u003c/code\u003e parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe function's output is a \u003ccode\u003eNUMBER\u003c/code\u003e representing the calculated standard deviation.\u003c/p\u003e\n"],["\u003cp\u003eAn example use case includes calculating the standard deviation of \u003ccode\u003emetadata.event_timestamp.seconds\u003c/code\u003e for events matching \u003ccode\u003eprincipal.ip\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["### stddev\n\n stddev(numericExpression)\n\n#### Description\n\nThe `stddev` function returns the standard deviation over all the possible\nvalues.\n\n#### Param data types\n\n`NUMBER`\n\n#### Return type\n\n`NUMBER`\n\n#### Code Samples\n\n##### Example\n\nFind all the events where `target.ip` is not empty. For all the events that\nmatch on `principal.ip`, store the standard deviation of\n`metadata.event_timestamp.seconds` in a variable called `stddev_seconds`. \n\n target.ip != \"\"\n match:\n principal.ip\n outcome:\n $stddev_seconds = stddev(metadata.event_timestamp.seconds)"]]
