Is there a way to draw the line of where the cutof...

HattrickNZ · ‎12-06-2018

I refer to the outlier command
https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier

*Is there a way to draw the line of where the cutoff point for outliers is? *
I can play with the paramiters like this ... | outlier action=remove uselower=true param=1.6 |, which moves the cutoff point for outliers, but I don't get to see the line exactly.

How can I finetune my outlier approach and or the param, because currently my outlier is cutting off datapoints that I do not want it to cut off.

I can also try to draw the line myself, but this is a very first attempt.

... | eventstats median(attempts) as med_att median(successfullAttempts) | eval x=med_att-(0.25*med_att)

which gives this pic

From the docs:

Filtering is based on the
inter-quartile range (IQR), which is
computed from the difference between
the 25th percentile and 75th
percentile values of the numeric
fields. If the value of a field in an
event is less than (25th percentile) -
param*IQR or greater than (75th
percentile) + param*IQR , that field
is transformed or that event is
removed based on the action parameter.

Is there a way to draw the line of where the cutoff point for outliers is?

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

Is there a way to draw the line of where the cutoff point for outliers is?

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey