Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Anomaly Detection on a Key list of fields

koshyk
Super Champion
‎01-18-2021 05:18 AM

Our system currently has grown over time with 1000's of enrichments, TA and custom apps. We were planning to upgrade Splunk to another version and wanted to do as much testing automated

So i've developed plan to pump Live data pre & post change in TEST machine thus detecting the important fields, eventtypes, tags are working correctly. But this measurement is done manually

Is there an easy way or module to detect such anomalies or divergence if we give a set of "fields" it should detect for?

For example, what i'm looking for is

 

# set of key-fields
user
eventtypes
tags
host

 

 

I need to detect if the values of these `key-fields` have dramatically changed between two cycles (or dates), thus we can say a particular TA or upgrade caused to break those fields

 

Labels (4)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-18-2021 05:38 AM

Machine Learning Toolkit (MLTK) might give you what you need, although you will still have to invest some time developing and evaluating your models before they can reliably be used to detect anomalies.

0 Karma
Reply

koshyk
Super Champion
‎01-26-2021 12:23 AM

I did check in MLTK thoroughly now, but nothing inbuilt for Splunk own sourcetypes/eventtypes/fields

So it is a generic which I've to build up. hopefully will see if anyone else have built-up on such deviations for Splunk's own fields

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...