Machine learning toolkit Assistant - Detect numerical outliers - Timechart value by field

cybwalker
New Member

I am trying to use the machine learning toolkit assistant for detecting numerical outliers in transaction response time for multiple targets. I want to treat the data set for each target over a period of time separately and apply the algorithm to each set.

I am using this query in the assistant:

index=dc10 sourcetype=ML |timechart useother=f limit=20 span=10m values(resptime) by name

I expect to use the "resptime" field to analyze and split by the "name" field. However, this is not working as I expected it to. I am getting the values for "name" in the "Field to analyze" drop-down.

I can use it against a single target (name) and it works fine. Is there a way to apply the algorithm in a way that I need? I don't want to write separate queries to create a model for each of the targets.

0 Karma

Sukisen1981
Champion

Hmm, I understand what you mean. The outlier model will analyse only one field at a time to detect outliers.
Now, here is what you can try:
Try running the model THROUGH the ML app in search; there is an 'open in search' link in the outlier model.
This will give you the query.
Now save it as a dashboard and add a filter input where you add something like |name as your drop down token.
This will allow the user to choose the needed name through a dropdown.
Now, pass the token to your model (the search query), where it can pick the name based on the token selected by the user. Your model now works dynamically based on the name token selection.

0 Karma
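The dashboard approach described in the answer above, as an added Simple XML example that is not part of the original posts. The token names (name_tok, time_tok), the default time range, and the median-absolute-deviation search with a multiplier of 3 are assumptions standing in for whatever query the assistant's 'open in search' link produces; only the index, sourcetype and field names come from the question.

```xml
<!-- Added example: token names, time range and the outlier SPL are assumptions -->
<form version="1.1">
  <label>resptime outliers by name</label>
  <fieldset submitButton="false">
    <input type="time" token="time_tok">
      <label>Time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <!-- Drop-down filled with the distinct values of "name" seen in the data -->
    <input type="dropdown" token="name_tok" searchWhenChanged="true">
      <label>name</label>
      <fieldForLabel>name</fieldForLabel>
      <fieldForValue>name</fieldForValue>
      <search>
        <query>index=dc10 sourcetype=ML | stats count by name | fields name</query>
        <earliest>$time_tok.earliest$</earliest>
        <latest>$time_tok.latest$</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <!-- $name_tok|s$ inserts the selection as a quoted, escaped string, -->
        <!-- so a value with spaces or quotes cannot change the search. -->
        <search>
          <query><![CDATA[
index=dc10 sourcetype=ML name=$name_tok|s$
| eventstats median(resptime) as median
| eval absDev=abs(resptime-median)
| eventstats median(absDev) as medianAbsDev
| eval lowerBound=median-3*medianAbsDev, upperBound=median+3*medianAbsDev
| eval isOutlier=if(resptime<lowerBound OR resptime>upperBound, 1, 0)
| table _time name resptime lowerBound upperBound isOutlier
          ]]></query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
      </table>
    </panel>
  </row>
</form>
```

Because the search filters on the selected name before the eventstats steps, the median and bounds are computed only over that target's events.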