Solved: Data results not aligning with time

plapila · ‎08-26-2021

Been experimenting with ML toolkit and having some weird issues. I can get nice predictions by teaching the data but when trying to visulize and show the data on a table I get some issues. The data and the prediction don't seem to align by time even thou the time field is same.

plapila · ‎09-17-2021

I was able to correct this by using chart instead of timechart

@plapila wrote:
@ITWhisperer wrote:
What was the SPL you used to produce this?
index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

index=fav AND ACTION="Modem boot"
| bin _time span=1d | chart count(ACTION) as "Modem boot" by _time span=1d cont=true | apply Modemboot

View solution in original post

ITWhisperer · ‎08-27-2021

What was the SPL you used to produce this?

plapila · ‎08-29-2021

@ITWhisperer wrote:
What was the SPL you used to produce this?

index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

plapila · ‎09-17-2021

I was able to correct this by using chart instead of timechart

@plapila wrote:
@ITWhisperer wrote:
What was the SPL you used to produce this?
index=fav AND ACTION="Modem boot" | bin _time span=1d | timechart count by ACTION | apply Modemboot

index=fav AND ACTION="Modem boot"
| bin _time span=1d | chart count(ACTION) as "Modem boot" by _time span=1d cont=true | apply Modemboot

Data results not aligning with time

table

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?