Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Question about analyzefields search command

briang67
Communicator
‎10-29-2010 07:55 PM

The analyzefields seems to be interesting in its ability to correlate across multiple fields, but I cannot determine what the output is actually telling me. I see four columns that are returned in a table: count, cocur, acc and balacc.

It looks like count is the number of occurrences of the field in my data set. I'm at a loss for the other columns. The documentation does not describe the resulting output. http://www.splunk.com/base/Documentation/latest/SearchReference/Af

Any stats experts out there?

Thank you

Reply

steveyz
Splunk Employee
Splunk Employee
‎01-11-2011 07:53 PM

cocur is the cocurrence of the field versus the classfield. Basically it is 1 if field exists in every event where classfield exists.

acc is the accuracy in predicting the value of the classfield using the value of the field, using a multi-class guassian maximal likelihood estimation. This is only valid for numerical fields.

balacc is the "balanced accuracy", which is basically just the accuracy adjusted for the distribution of values of the classfield. Basically, a non-weighted average of the accuracies in predicting each value of the classfield. Again this is only valid for numerical fields.

Reply

sophy
Splunk Employee
Splunk Employee
‎01-11-2011 10:42 PM

0

thank you, steveyz. i've added this information to the docs.

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Observability - November 2025

Feature Highlight  Analyze your dimensions and metrics with Usage Analytics  To help optimize telemetry data ...

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...