Dashboards & Visualizations
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create patterns

chandana204
Communicator
‎01-26-2018 09:58 AM

Hi,
I am working on a data which contained different types of fields. I wanted to create patterns using these fields.
Ex: the data is as below
process= "processed"
process="send"
transfer="transferred"
error="fatal"

the above data flow is : Processed --> send --> transferred ( if the file is not able to make send/transferred that will reflect on error field )

My question is here, If i search for a file_name this total pattern should be show w.r.t timestamp. How can i create patterns using splunk tool. I am wondering does splunk tool has that much capability to create new patterns and find anomalies from these patterns?

Appreciate for your help

Thanks,
Chandana

0 Karma
Reply

niketn
Legend
‎01-26-2018 10:12 AM

Splunk SPL provides several methods for anomaly detection. Refer to anomalydetection and related commands in Splunk Documentation: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/ListOfSearchCommands

Also refer to Advanced Statistics documentation: https://docs.splunk.com/Documentation/Splunk/latest/Search/Aboutadvancedstatistics

In your case you should apply prediction and outlier for all series "processed", "send", "transferred" and "fatal". You can also refer to Splunk Machine Learning Toolkit for this.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

chandana204
Communicator
‎01-26-2018 12:10 PM

Thank you for your response.

I have been working on these commands past week but not able to find a proper solution. I can only work on single field but here, if i search a file_name that should be show whole patterns of all fields and if the file_name has missed or low probability then it should show on anomalies list.

NOTE: I want to find out anomalies from the patterns of the file

0 Karma
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top