Archive
Highlighted

Learning to use anomalies?

Explorer

The documentation has not been much help all I really want is to start learning how to use it. Every time I try to use one of the example searches (or at least a version specific to my logs) I get: "A separating field was not found. Carrying on without it" and no unexpectedness field is visible. Does anyone no how to fix this? Or alternatively, just a few searches good for familiarizing myself with the use of anomalies?

Here is the documentation just in case: http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Anomalies

Highlighted

Re: Learning to use anomalies?

Splunk Employee
Splunk Employee

Could you provide some examples of the searches you are performing or other specifics that might help us answer your question?

0 Karma
Highlighted

Re: Learning to use anomalies?

Path Finder

Are you using "annomalies ... by fieldname". Then the message tells you that there are some events without the fieldname field I would guess.

0 Karma