How to detect change in regular pattern

chanduira · ‎07-19-2016

Hi Experts,

We want to detect change in data pattern. Example I have server with Power consumption is 2 KW, if there is change is Power consumption may be like +5% or -5% how to detect automatically send alerts are or generate report.

Is there any command or apps to detect change in data pattern.

sundareshr · ‎07-19-2016

You could also look at autoregress command. Something like this might work

... | reverse | autoregress powerconsumption  as prev_value | eval change=prev_value/powerconsumption | where change<0.05 OR change>0.05

http://docs.splunk.com/Documentation/Splunk/6.1.4/SearchReference/Autoregress

tormodbp · ‎07-19-2016

Have you tried the anomalies command? It allows you to set a threshold value to indicate if an event, or field, is considered unexpected or anormal.

... | anomalies threshold=0.05 field=powerconsumption

https://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/Anomalies

In your alert you can specify a custom trigger condition. If you are using anomalies then the added field unexpectedness would present you the calculated "unexpectedness" and filtering out events inside the threshold, thus leaving you with only the unexpected events. You can then create a custom trigger condition that triggers an alarm if the fields value is above your threshold. The anomalies command should filter out any event within your threshold so choosing to trigger whenever the search gets a hit is also an option.

Here are some links to the Alerting Manual:
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/AlertTriggerConditions
http://docs.splunk.com/Documentation/Splunk/6.4.2/Alert/Definescheduledalerts#Advanced_conditional_a...

Cheers,

How to detect change in regular pattern

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)