Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
14 results
Sorted by:
04-02-2012
08:23 AM
1 Karma
Hi,
Can anyone explain the difference between anomalies and anomalousvalue? From the search reference, it looks like anomalies operates on a single field and is context-sensitive (i.e. looks at t...
Show results in replies (3)
-
anomalousvalue actually only analyzes one field at a time, but it you can apply it to any a...
-
...nomalous if you you have a lot of rare values. anomalousvalue considers the distribution of values when d...
-
So if had data that had host and event fields, and I ran anomalousvalue action=filter host,event .....
04-02-2013
06:52 AM
I ran the following:
source="/path/to/vpn_log" | anomalousvalue action=summary date_hour
Every event was normal (even after changing pthresh). I noticed the mean and stddev were all 0. The I...
- Tags:
- search-language
07-01-2015
12:12 PM
I want to start out with: EventIdentifier=4624 | AnomalousValue "Workstation Name"
...but this search returns an error. What am I doing wrong here? It's like Splunk doesn't know what the "W...
12-07-2016
01:30 AM
I have a field called capacity. I want to enable anomaly detection whenever there is a change in value of capacity (increments or decrements). So, if capacity value for a source "A" is "10" at 7th de...
02-25-2020
02:47 AM
Hi team,
I m trying to find network traffic of a user and classify it as high or normal based on avg and stdev calculations
QUERY :
index="pan_logs" sourcetype="pan:traffic" user!=unknown | ...
08-30-2012
05:49 AM
I have a field called 'err_msg' this field contains a long line which consists of the error as well as the file name and other details surrounding that error. What I'm looking for is the ability to d...
- Tags:
- search-help
09-09-2015
07:27 AM
I want to take a list of fields and show the stats displayed on the Selected fields sidebar in a table.
When we do a search, on the left side there is a Selected Fields section. When we click on ...
09-10-2020
10:53 PM
I got below warning: " 'anomalydetection' command: limit for values of field 'message' reached. Some values may have been truncated or ignored." 1) Does this means that some events are removed. Fo...
02-19-2015
10:53 AM
1 Karma
...ime the thread was published on? The thread also mentions the Anomalousvalue (http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchReference/Anomalousvalue ) and Rare (http://docs.splunk.com/D...
01-22-2018
01:25 PM
1 Karma
Hi,
I have started to learning machine learning concepts and trying to imply on Splunk tool. So, i tried to use anomaly and anomalydetection search commands but i couldn't understand how these com...
