How to create patterns

Path Finder

I am working on a data which contained different types of fields. I wanted to create patterns using these fields.
Ex: the data is as below
process= "processed"

the above data flow is : Processed --> send --> transferred ( if the file is not able to make send/transferred that will reflect on error field )

My question is here, If i search for a file_name this total pattern should be show w.r.t timestamp. How can i create patterns using splunk tool. I am wondering does splunk tool has that much capability to create new patterns and find anomalies from these patterns?

Appreciate for your help


0 Karma


Splunk SPL provides several methods for anomaly detection. Refer to anomalydetection and related commands in Splunk Documentation:

Also refer to Advanced Statistics documentation:

In your case you should apply prediction and outlier for all series "processed", "send", "transferred" and "fatal". You can also refer to Splunk Machine Learning Toolkit for this.

| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

Thank you for your response.

I have been working on these commands past week but not able to find a proper solution. I can only work on single field but here, if i search a file_name that should be show whole patterns of all fields and if the file_name has missed or low probability then it should show on anomalies list.

NOTE: I want to find out anomalies from the patterns of the file

0 Karma