https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526864#M148716 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;.. sure, i got your view, basic SPL is enough.<BR />But, i thought someone may give me some suggestions, ok, let me wait for their MLTK suggestions.&nbsp;</P><P>meanwhile, i would like to find out:</P><P><SPAN>- some good transactions (longest/shortest, etc) - these are audit logs, which got connection established, disconnected msgs. so, pls suggest how to find the longest connection(i think by using transaction it will be easy).&nbsp;</SPAN></P> Wed, 28 Oct 2020 13:51:25 GMT inventsekar 2020-10-28T13:51:25Z https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526748#M148682 <P>Hi All,</P><P>I got a bunch of logs, from which I would like get some business values. Using with or without MLTK.&nbsp;</P><P>I would like to create some dashboards from these 100k log events.&nbsp;</P><P>- some interesting fields, field values, etc</P><P>- the most famous, least famous patterns, etc</P><P>- some good transactions (longest/shortest, etc)</P><P>&nbsp;</P><P>I read some use cases of MLTK, but, being a newbie to MLTK, i could not get something out of it. Searching on google also.</P><P>Thanks for any suggestion/printers/views, anything.&nbsp;</P><P>&nbsp;</P><P>Best Regards,</P><P>Sekar</P> Wed, 28 Oct 2020 05:27:19 GMT https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526748#M148682 inventsekar 2020-10-28T05:27:19Z https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526859#M148715 <P>Machine Learning is one of the industry's favorite buzzwords lately, but you don't know what to do with it then chances are you don't need it.&nbsp; Your examples can be accomplished fairly easily with SPL.</P><P>Feel free to ask specific questions about your MLTK use cases, however.</P> Wed, 28 Oct 2020 13:27:06 GMT https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526859#M148715 richgalloway 2020-10-28T13:27:06Z https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526864#M148716 <P>Thanks&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;.. sure, i got your view, basic SPL is enough.<BR />But, i thought someone may give me some suggestions, ok, let me wait for their MLTK suggestions.&nbsp;</P><P>meanwhile, i would like to find out:</P><P><SPAN>- some good transactions (longest/shortest, etc) - these are audit logs, which got connection established, disconnected msgs. so, pls suggest how to find the longest connection(i think by using transaction it will be easy).&nbsp;</SPAN></P> Wed, 28 Oct 2020 13:51:25 GMT https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526864#M148716 inventsekar 2020-10-28T13:51:25Z https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526880#M148721 <P>This is difficult to answer without knowing more about your data.&nbsp; The transaction command may be easy to use, but it usually is very slow.&nbsp; Something like "<FONT face="courier new,courier">| stats range(_time) as duration by session_id</FONT>" may work better.</P> Wed, 28 Oct 2020 14:47:25 GMT https://community.splunk.com/t5/Splunk-Search/Interesting-fields-values-MLTK-etc/m-p/526880#M148721 richgalloway 2020-10-28T14:47:25Z