Hi everybody!
I know that my question could sound primitive to senior Splunkers, but I don't have any other way to get the needed knowledge.
I have to make a transaction analysis mechanism in my company which can catch and alert on every anomaly in transaction value - it will be the first indicator of fraud.
At first I'll describe the structure of the data that I have.
As you see there are four data fields: operation timestamp, operation name, username and amount of transaction. It's enough data for this level of analysis.
What I want to do is to collect the transaction value for each client from this table and then use these values to calculate a "normal" value for each client_id.
Let's assume that the model of the "normal" value is just the average value for each client_id.
I want to be alerted in every case when this "normal" value for a client_id is exceeded in a new event.
It's the simplest antifraud mechanism ever, but enough for our scale of operation. I don't have an idea how to do it well. Can you help me and tell me which commands, functions and syntax I need to look into to do it? I'll be pleased with every little answer from you.
I'm a beginner Splunk user, but I hope someday I also could answer other beginners' questions here. 🙂
Have a nice day and answer please!
KF
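One way to build the per-client baseline and the alert the question describes, as an added SPL example (not code from the original post or from Splunk's documentation). It assumes the events carry the fields `client_id`, `operation` and `amount`, live in an index and sourcetype named `transactions` / `payments`, and that a lookup file named `client_baseline.csv` may be written; all of these names are placeholders to adapt. The first search is meant to run on a schedule (e.g. nightly) and stores each client's baseline; the second runs as the alert search over recent events and fires on any transaction above the client's stored average:

```spl
index=transactions sourcetype=payments earliest=-30d@d latest=@d
| stats avg(amount) AS avg_amount stdev(amount) AS stdev_amount count AS n BY client_id
| outputlookup client_baseline.csv

index=transactions sourcetype=payments earliest=-15m@m latest=now
| lookup client_baseline.csv client_id OUTPUT avg_amount stdev_amount n
| where isnotnull(avg_amount) AND amount > avg_amount
| eval zscore = if(stdev_amount > 0, round((amount - avg_amount) / stdev_amount, 2), null())
| table _time client_id operation amount avg_amount stdev_amount n zscore
| sort - zscore
```

Design notes: splitting the work into a baseline search and an alert search keeps the baseline window (30 days here) independent of the alert window (15 minutes here) and stops the new transaction from being averaged into its own "normal" value, which would happen with a single-pass `eventstats`. By construction, "above the client's average" is true for roughly half of a client's transactions, so the baseline also records `stdev_amount` and the alert computes a z-score, which lets the alert condition later be tightened to something like `amount > avg_amount + 3 * stdev_amount` without changing the data flow. The `n` column shows how many historical transactions the baseline rests on; a client with only one or two prior transactions has no meaningful "normal" value yet, and `isnotnull(avg_amount)` drops clients who have no baseline at all rather than alerting on every first transaction.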