https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424986#M121865 <P>Hi Skalli. You might want to have a play around with the these two apps.</P> <P>NLP Text Analytics - <A href="https://splunkbase.splunk.com/app/4066/">https://splunkbase.splunk.com/app/4066/</A> - A collection of bits a pieces to do text analysis based around NLTK3.3 and Splunk's MLTK.</P> <P>NLP Natural Language Toolkit - NLTK wrapper - <A href="https://splunkbase.splunk.com/app/4057/">https://splunkbase.splunk.com/app/4057/</A> - Another wrapper for some of the same python libraries for Natural Language Processing.</P> <P>Should be able to get the job done, not sure how well at large scale but 11k records is not much.</P> Tue, 06 Aug 2019 16:15:52 GMT warwicks 2019-08-06T16:15:52Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424982#M121861 <P>Hello guys, </P> <P>I'm new in SPLUNK. Just wanted to ask for an advice :). Currently, I have 11,000 ticket data and I'm trying to filter the most common events/issues/words on it. I am trying the use of cluster, regex and lookup. </P> <P>What do you think is the best approach for this? </P> <P>Thank you in advance everyone. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P> Fri, 02 Aug 2019 07:14:51 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424982#M121861 chinkeeparco 2019-08-02T07:14:51Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424983#M121862 <P>Hey and welcome to the Splunk community. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>First of all, the answers to your questions have a "depends" in it. If your data is in an easy structure to onboard, you might want to start reading and working through the docs: <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Data/Getstartedwithgettingdatain">getting data in</A>. After the data is onboarded correctly, the next thing would be to build field extractions based on the events. For this, you can use the <A href="https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/ExtractfieldsinteractivelywithIFX">field extractor</A>. After you have built your fields, you can easily filter on those with something more simple like <CODE>index=yourIndex sourcetype=yourSourcetype |top your_desired_field1, field2 ...</CODE>.</P> <P>Skalli</P> Fri, 02 Aug 2019 08:28:43 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424983#M121862 skalliger 2019-08-02T08:28:43Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424984#M121863 <P>Hi Skalli! thank you for your answer. It was not a simple unfortunately.. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span> I'll give a sample data below:</P> <P><STRONG>Sample Data</STRONG><BR /> Can you please reset my password? <BR /> Password Reset request<BR /> Unable to open my account<BR /> Please help! Can't access my account.<BR /> Can't connect to Wifi<BR /> Reset my Password<BR /> ... and so on.</P> <P>I wanted to automatically filter the 11,000 data on what is the most frequent words. thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> </P> Fri, 02 Aug 2019 08:39:15 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424984#M121863 chinkeeparco 2019-08-02T08:39:15Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424985#M121864 <P>There really is no good way to do this that will scale to any degree. You should consider another Big Data tool that would be more appropriate.</P> Tue, 06 Aug 2019 15:45:14 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424985#M121864 woodcock 2019-08-06T15:45:14Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424986#M121865 <P>Hi Skalli. You might want to have a play around with the these two apps.</P> <P>NLP Text Analytics - <A href="https://splunkbase.splunk.com/app/4066/">https://splunkbase.splunk.com/app/4066/</A> - A collection of bits a pieces to do text analysis based around NLTK3.3 and Splunk's MLTK.</P> <P>NLP Natural Language Toolkit - NLTK wrapper - <A href="https://splunkbase.splunk.com/app/4057/">https://splunkbase.splunk.com/app/4057/</A> - Another wrapper for some of the same python libraries for Natural Language Processing.</P> <P>Should be able to get the job done, not sure how well at large scale but 11k records is not much.</P> Tue, 06 Aug 2019 16:15:52 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424986#M121865 warwicks 2019-08-06T16:15:52Z https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424987#M121866 <P>I wasn't the one asking but this is actually a great answer. I've linked the NLP once myself but even didn't think about it in this case. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>Skalli</P> Wed, 07 Aug 2019 08:44:06 GMT https://community.splunk.com/t5/Splunk-Search/Most-common-events-issues-words/m-p/424987#M121866 skalliger 2019-08-07T08:44:06Z