Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add a MLTK Visualization to a Splunk dashboard?

sebastien07
Engager
‎06-15-2023 05:48 AM

I would like to add an outliers' chart from the Machine learning visualizations to my splunk dashboard. The visualization itself is not available in the dashboard studio, and I can't find any documentations for it. Running my query in the search tab works fine because it detects what visualization i want to use automatically.

My query: 

 

 

 

index=xxx sourceServiceName="xxx" cn1="xxx"
| bucket _time span=1h
| stats count by _time 
| sort - count 
| eventstats median("count") as median  
| eval absDev=(abs('count'-median)) 
| eventstats median(absDev) as medianAbsDev  
| eval lowerBound=(median-medianAbsDev*exact(8)), upperBound=(median+medianAbsDev*exact(8)) 
| eval isOutlier=if('count' < lowerBound OR 'count' > upperBound, 1, 0)  
| fields _time, "count", lowerBound, upperBound, isOutlier, *

 

 

 

 

I tried replacing fields with "table" but wouldn't fix it. Any help is appreciated.

Labels (4)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-15-2023 06:01 AM

Try this

<viz type="Splunk_ML_Toolkit.OutliersViz">

View solution in original post

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-15-2023 05:53 AM

Use classic SimpleXML dashboards or wait until Studio catches up - you could be waiting for some time though

0 Karma
Reply
Solved! Jump to solution

sebastien07
Engager
‎06-15-2023 05:55 AM

Also would like to try that, but i can't find the name of the outlier's chart to use for the SimpleXML

 
 
0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-15-2023 06:01 AM

Try this

<viz type="Splunk_ML_Toolkit.OutliersViz">
0 Karma
Reply
Solved! Jump to solution

sebastien07
Engager
‎06-15-2023 06:20 AM

I think this could work. I'm not used to working with the XML editor for dashboards.
Any idea why this would fail to spit out the results?

<dashboard version="1.1">
<label>test-webtraffic</label>
  <row>
    <chart> 
      <search>
        <query>index=xxx sourceServiceName="xxx" cn1="xxx" | bucket _time span=1h | stats count by _time | sort - count | eventstats median("count") as median | eval absDev=(abs('count' -median)) | eventstats median(absDev) as medianAbsDev | eval lowerBound=(median-medianAbsDev*exact(8)), upperBound=(median+medianAbsDev*exact(8)) | eval isOutlier=if('count' &lt; lowerBound OR 'count' &gt; upperBound, 1, 0) | fields _time, "count", lowerBound, upperBound, isOutlier, *
        </query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <viz type="Splunk_ML_Toolkit.OutliersViz"></viz>
    </chart>  
  </row>
</dashboard>
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...