Splunk Search

How to create a query that follow trend (line chart) of another query.

Rao_KGY
Loves-to-Learn

I have a panel in a dashboard that plot a trend line for last 24 Hrs. Now I wanna create a new alert query that should follow the trendline of panel.

If the output of alert query doesn't match (not exactly but to an extent) the pattern of panel query then it should trigger an alert. 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

For anomaly detection, you should  consider using the MLTK.

Otherwise, you need to fashion a report which detects anomalies and use that for triggering you alert. In order to do this, you need to be able to define what an anomaly looks like, so that you can instruct Splunk to find them for you.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...