How to use MLTK to tune DNS Query Length Outliers ...

Splunk Search

Hi All,

I am trying to tune up a notable called DNS Query Length Outliers

Using the MLTK App to set up the data, but the number of the notables remain the same.

Am I doing something wrong? I followed some instructions on how to build the data model required for the notable to work, but still no luck. Worth mention that when I run the SPL in the Search, it delivers different number of notables.

What option shall I use from the "Experiments" within the MLTK App to make the data work for the notable.

The code is from here: https://github.com/splunk/security_content/blob/develop/detections/experimental/network/dns_query_le...

Thank you in advance.

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...