Solved: Is there a way to remove the min outlier from the ...

HattrickNZ · ‎02-01-2018

I have the following chart:

now I can use outliers to remove the max outliers:
... | outlier action=remove

But is there a way to remove the minimum outlier

I have had a look at the docs, but stats are not my strong point, and I can't seem to find a way with this command.
The max and min values are approx +60K and -50K. The outlier will remove the +60K but not the -50K values in this case.

Based on the numbers here in the graph is there a way to remove the min outlier?
Maybe I need to look at another command?

somesoni2 · ‎02-01-2018

Try outlier action=remove uselower=true

<uselower>
Syntax: uselower=<bool>
Description: Controls whether to look for outliers for values below the median in addition to above.
Default: false

View solution in original post

somesoni2 · ‎02-01-2018

Try outlier action=remove uselower=true

<uselower>
Syntax: uselower=<bool>
Description: Controls whether to look for outliers for values below the median in addition to above.
Default: false

HattrickNZ · ‎02-01-2018

tks I should have read this documentation.
https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Outlier

Is there a way to remove the min outlier from the graph?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?