Splunk Search

Data results not aligning with time

plapila
Explorer

Been experimenting with ML toolkit and having some weird issues. I can get nice predictions by teaching the data but when trying to visualize and show the data on a table I get some issues. The data and the prediction don't seem to align by time even though the time field is the same.

splunk_data_align.jpg

ITWhisperer
SplunkTrust

What was the SPL you used to produce this?

0 Karma

plapila
Explorer

@ITWhisperer wrote:

What was the SPL you used to produce this?


index=fav  AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

0 Karma

plapila
Explorer

I was able to correct this by using chart instead of timechart

@plapila wrote:

@ITWhisperer wrote:

What was the SPL you used to produce this?

index=fav  AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

index=fav AND ACTION="Modem boot"
| bin _time span=1d | chart count(ACTION) as "Modem boot" by _time span=1d cont=true | apply Modemboot

0 Karma