The Splunk Machine Learning Toolkit contains a Detect Categorical Outliers method. The Splunk documentation mentions that the Detect Categorical Outliers assistant uses the probabilistic measures algorithm.
I am trying to understand how it works in more detail. Where can I find more information about the internals of this method?
The main command being used in the "Detect Categorical Outliers" assistant is the anomalydetection command.
You can read more about it on the docs page, but to summarize, it uses log probabilities, interquartile ranges, as well as Gaussian assumptions (depending on the mode you use).
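The general idea summarized in the answer above (log probabilities plus an interquartile-range cutoff), as an added Python example that is not part of the original thread and is not Splunk's implementation. It assumes fields are treated as independent and that the cutoff is a Tukey-style fence of 1.5 × IQR below the first quartile; the sample events and all function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample events (not from the thread): 99 routine logins, 1 odd record.
EVENTS = (
    [{"user": "alice", "src": "office", "action": "login"}] * 30
    + [{"user": "bob", "src": "office", "action": "login"}] * 30
    + [{"user": "bob", "src": "vpn", "action": "login"}] * 25
    + [{"user": "alice", "src": "vpn", "action": "login"}] * 14
    + [{"user": "svc_backup", "src": "kiosk", "action": "sudo"}]
)
FIELDS = ("user", "src", "action")


def log_event_probs(events, fields):
    """Log probability of each event: the sum over fields of the log relative
    frequency of that field's value (assumption: fields are independent)."""
    n = len(events)
    freq = {f: Counter(e[f] for e in events) for f in fields}
    return [sum(math.log(freq[f][e[f]] / n) for f in fields) for e in events]


def quartiles(values):
    """First and third quartile with linear interpolation between ranks."""
    s = sorted(values)

    def at(p):
        pos = p * (len(s) - 1)
        lo = int(pos)
        hi = min(lo + 1, len(s) - 1)
        return s[lo] + (s[hi] - s[lo]) * (pos - lo)

    return at(0.25), at(0.75)


def detect_outliers(events, fields, k=1.5):
    """Flag events whose log probability falls below Q1 - k * IQR.
    Returns (list of (event, log_prob) pairs, threshold)."""
    lp = log_event_probs(events, fields)
    q1, q3 = quartiles(lp)
    threshold = q1 - k * (q3 - q1)
    flagged = [(e, p) for e, p in zip(events, lp) if p < threshold]
    return flagged, threshold


if __name__ == "__main__":
    flagged, threshold = detect_outliers(EVENTS, FIELDS)
    print(f"threshold={threshold:.3f}")
    for event, p in flagged:
        print(f"{p:.3f} {event}")
```

The less frequent but still ordinary combination (alice over VPN) stays above the cutoff, while the record whose every field value is unique in the dataset falls far below it.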
Detect Categorical Outliers assistant is based on "anomalydetection" command.
Its documentation can be found here:
Hopefully, that answers your question.
The Detect Categorical Outliers assistant uses "anomalydetection", which is a Splunk search command. You can find details on this page:
You can also click the "Show SPL" button to find out the underlying SPL that constructs the query.