Splunk Search

How to use MLTK to tune DNS Query Length Outliers query?

DanAlexander1
Engager

Hi All,

I am trying to tune up a notable called DNS Query Length Outliers

Using the MLTK App to set up the data, but the number of the notables remain the same.

Am I doing something wrong? I followed some instructions on how to build the data model required for the notable to work, but still no luck. Worth mention that when I run the SPL in the Search, it delivers different number of notables.

What  option shall I use from the "Experiments" within the MLTK App to make the data work for the notable.

The code is from here: https://github.com/splunk/security_content/blob/develop/detections/experimental/network/dns_query_le...

 

Thank you in advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...