Machine learning toolkit Assistant - Detect numerical outliers - Timechart value by field

cybwalker
New Member

I am trying to use the machine learning toolkit assistant for detecting numerical outliers in transaction response time for multiple targets. I want to treat the data set for each target over a period of time separately and apply the algorithm to each set.

I am using this query in the assistant:

index=dc10 sourcetype=ML |timechart useother=f limit=20 span=10m values(resptime) by name

I expect to use the "resptime" field to analyze and split by the "name" field. However, this is not working as I expected it to. I am getting the values for "name" in the "Field to analyze" drop-down.

I can use it against a single target (name) and it works fine. Is there a way to apply the algorithm in a way that I need? I don't want to write separate queries to create a model for each of the targets.

0 Karma

Sukisen1981
Champion

Hmm, I understand what you mean. The outlier model will analyse only one field at a time to detect outliers.
Now, here is what you can try:
Try running the model THROUGH the ML app in search; there is an 'open in search' link in the outlier model.
This will give you the query.
Now save it as a dashboard and add a filter input where you add something like |name as your drop-down token.
This will allow the user to choose the needed name through a dropdown.
Now, pass the token to your model (the search query) where it can pick the name based on the token selected by the user. Your model now works dynamically based on the name token selection.

0 Karma
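
The dashboard approach described in the answer above, sketched as Simple XML. This is an added example, not code from either poster or from the Machine Learning Toolkit: the token name `name_tok`, the 24-hour time range, the `avg(resptime)` aggregate and the median-absolute-deviation bounds with a multiplier of 3 are assumptions standing in for whatever query the 'open in search' link produces.

```xml
<form version="1.1">
  <label>Response time outliers per target (added example)</label>
  <fieldset submitButton="false">
    <!-- Drop-down populated from the data; the token name name_tok is an assumption -->
    <input type="dropdown" token="name_tok" searchWhenChanged="true">
      <label>name</label>
      <fieldForLabel>name</fieldForLabel>
      <fieldForValue>name</fieldForValue>
      <search>
        <query>index=dc10 sourcetype=ML | stats count by name</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <chart>
        <search>
          <!-- $name_tok|s$ quotes the selected value, so names with spaces
               or special characters stay a single literal in the search.
               The outlier logic below is an assumed stand-in: replace it
               with the query produced by 'open in search'. -->
          <query><![CDATA[
index=dc10 sourcetype=ML name=$name_tok|s$
| timechart span=10m avg(resptime) as resptime
| eventstats median(resptime) as median
| eval absDev=abs(resptime-median)
| eventstats median(absDev) as medianAbsDev
| eval lowerBound=median-medianAbsDev*3, upperBound=median+medianAbsDev*3
| eval isOutlier=if(resptime < lowerBound OR resptime > upperBound, 1, 0)
| fields _time resptime lowerBound upperBound isOutlier
          ]]></query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
      </chart>
    </panel>
  </row>
</form>
```

Because the filter `name=$name_tok|s$` is applied before the statistics are computed, the median and bounds are calculated from the selected target's data only.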