All Apps and Add-ons

Are there any Text analyzer app that we can use in splunk?

NicoloPunzalan2
Engager

Hi All,

Just want to know if there are built-in apps in Splunk that can analyze text or strings and give me the most used words or phrases in a field. I have this field short_description which contains the description of the ticket. I tried to use stats count by short_description and used the word cloud viz but it treats the string as one and there are too many values for the short description of the tickets.

Is there a way that we can get the most used texts or phrases from that field and display them like in the word cloud viz?
Thanks in advance.

All the best,
Nicolo

Tags (1)
0 Karma

cmerriman
Super Champion

there are a few routes to take.
This is a sentiment analytics app. It uses naive bayes to train your own data from the CLI.
https://splunkbase.splunk.com/app/1179/

This is the machine learning toolkit, which comes with a lot of algorithms, including the TFIDF for feature extraction on text fields, allowing other algorithms to be used on terms for analysis.
https://splunkbase.splunk.com/app/2890/

0 Karma

matbos
New Member

If you can limit yourself to words rather than phrases then this bit of code should work:

index="myIndex" |  makemv myField | mvexpand myField | stats count by myField

It assumes that words are space separated, if you have any other separtor just tweak makemv command.

What happens here is makemv splits normal text field into multi value field, mvexpand "flattens" it (puts each value as a separate event) and stats part just makes stats magic 🙂

0 Karma

andrey2007
Contributor

Try to use Splunk Machine Learning Toolkit App especially built-in TFIDF(term frequency–inverse document frequency) numerical statistic
after that you can use word cloud viz.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...