Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Learning to use anomalies?

passing
Explorer
‎07-23-2013 08:41 AM

The documentation has not been much help all I really want is to start learning how to use it. Every time I try to use one of the example searches (or at least a version specific to my logs) I get: "A separating field was not found. Carrying on without it" and no unexpectedness field is visible. Does anyone no how to fix this? Or alternatively, just a few searches good for familiarizing myself with the use of anomalies?

Here is the documentation just in case: http://docs.splunk.com/Documentation/Splunk/5.0.3/SearchReference/Anomalies

Reply

fbl_itcs
Path Finder
‎01-21-2014 03:39 AM

Are you using "annomalies ... by field_name". Then the message tells you that there are some events without the field_name field I would guess.

0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎07-25-2013 06:18 AM

Could you provide some examples of the searches you are performing or other specifics that might help us answer your question?

--
Jesse Trucks
Minister of Magic
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...