Splunk query to identify an anomaly for increase i...

VS0909 · ‎08-30-2020

Need help with Splunk query to identify an anomaly for increase in frequency of errors in logs. Historic data to compare with old errors frequency , can be of past one week.

richgalloway · ‎08-30-2020

Please be more specific. What is your definition of "anomaly"? What kind of logs are you looking at?

---
If this reply helps you, Karma would be appreciated.

VS0909 · ‎08-30-2020

Thanks for the reply.

I am looking to trigger an alert in splunk if the frequency of an error (log_level=error) increases in server logs as compared to its threshold value. I have index for logs index=Serverlogs1.

Threshold value should be calculated dynamically based on past one week server logs.

Please help.

thambisetty · ‎08-31-2020

check below video, it uses machine learning to detect numerical outliers and also video describes how to use standard deviation ( with out machine learning) this may help you.

https://conf.splunk.com/files/2019/recordings/FN1390.mp4

————————————
If this helps, give a like below.

Splunk query to identify an anomaly for increase in frequency of errors in logs

count

eval

fields

stats

subsearch

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?