All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Are there any Text analyzer app that we can use in splunk?

NicoloPunzalan2
Engager
‎12-17-2017 10:37 PM

Hi All,

Just want to know if there are built-in apps in Splunk that can analyze text or strings and give me the most used words or phrases in a field. I have this field short_description which contains the description of the ticket. I tried to use stats count by short_description and used the word cloud viz but it treats the string as one and there are too many values for the short description of the tickets.

Is there a way that we can get the most used texts or phrases from that field and display them like in the word cloud viz?
Thanks in advance.

All the best,
Nicolo

Tags (1)
0 Karma
Reply

cmerriman
Super Champion
‎12-18-2017 12:09 PM

there are a few routes to take.
This is a sentiment analytics app. It uses naive bayes to train your own data from the CLI.
https://splunkbase.splunk.com/app/1179/

This is the machine learning toolkit, which comes with a lot of algorithms, including the TFIDF for feature extraction on text fields, allowing other algorithms to be used on terms for analysis.
https://splunkbase.splunk.com/app/2890/

0 Karma
Reply

matbos
New Member
‎12-18-2017 12:38 AM

If you can limit yourself to words rather than phrases then this bit of code should work:

index="myIndex" |  makemv myField | mvexpand myField | stats count by myField

It assumes that words are space separated, if you have any other separtor just tweak makemv command.

What happens here is makemv splits normal text field into multi value field, mvexpand "flattens" it (puts each value as a separate event) and stats part just makes stats magic 🙂

0 Karma
Reply

andrey2007
Contributor
‎12-17-2017 11:38 PM

Try to use Splunk Machine Learning Toolkit App especially built-in TFIDF(term frequency–inverse document frequency) numerical statistic
after that you can use word cloud viz.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...