Solved: Data results not aligning with time

plapila · ‎08-26-2021

Been experimenting with ML toolkit and having some weird issues. I can get nice predictions by teaching the data but when trying to visulize and show the data on a table I get some issues. The data and the prediction don't seem to align by time even thou the time field is same.

plapila · ‎09-17-2021

I was able to correct this by using chart instead of timechart

@plapila wrote:
@ITWhisperer wrote:
What was the SPL you used to produce this?
index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

index=fav AND ACTION="Modem boot"
| bin _time span=1d | chart count(ACTION) as "Modem boot" by _time span=1d cont=true | apply Modemboot

View solution in original post

ITWhisperer · ‎08-27-2021

What was the SPL you used to produce this?

plapila · ‎08-29-2021

@ITWhisperer wrote:
What was the SPL you used to produce this?

index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

plapila · ‎09-17-2021

I was able to correct this by using chart instead of timechart

@plapila wrote:
@ITWhisperer wrote:
What was the SPL you used to produce this?
index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

index=fav AND ACTION="Modem boot"
| bin _time span=1d | chart count(ACTION) as "Modem boot" by _time span=1d cont=true | apply Modemboot

Data results not aligning with time

table

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?

Data results not aligning with time

table

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0