I'm trying to find some Splunk commands that can detect unusual events.
For example, each event has a username field; usually the usernames are the same or similar, but sometimes there is an unusual username. So I want to detect the unusual usernames with a Splunk command.
I've tried the anomalies command, but it didn't work as I expected.
Is there any command that can reach this goal?
In this case, I want to detect the username wan.
You could try the cluster command. Check out this blog post from blogs.splunk.com.
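One way to apply this, as an added example that is not part of the original answer: the first search is a plain baseline that lists usernames seen only a handful of times with their share of all events and when they first and last appeared, and the second uses the cluster command as suggested, so that a username which does not resemble the common ones ends up in a small cluster. The index, sourcetype, the threshold of 5 events and the similarity threshold t=0.9 are assumptions to adjust for your data.

```spl
index=app_logs sourcetype=app_events
| stats count AS events, earliest(_time) AS first_seen, latest(_time) AS last_seen BY username
| eventstats sum(events) AS total
| eval share_pct=round(100*events/total, 2)
| where events <= 5
| sort events
| convert ctime(first_seen) ctime(last_seen)

index=app_logs sourcetype=app_events
| cluster field=username showcount=t t=0.9 match=ngramset
| where cluster_count <= 5
| table cluster_count cluster_label username
```

With either search, a username such as wan that occurs rarely and does not share character patterns with the usual values surfaces at the top of the results; raising the thresholds widens the net, lowering them cuts noise.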