Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
24 results
Sorted by:
04-02-2012
08:23 AM
1 Karma
Hi,
Can anyone explain the difference between anomalies and anomalousvalue? From the search reference, it looks like anomalies operates on a single field and is context-sensitive (i.e. looks at t...
Show results in replies (3)
-
anomalousvalue actually only analyzes one field at a time, but it you can apply it to any a...
-
...nomalous if you you have a lot of rare values. anomalousvalue considers the distribution of values when d...
-
So if had data that had host and event fields, and I ran anomalousvalue action=filter host,event .....
04-02-2013
06:52 AM
I ran the following:
source="/path/to/vpn_log" | anomalousvalue action=summary date_hour
Every event was normal (even after changing pthresh). I noticed the mean and stddev were all 0. The I...
- Tags:
- search-language
04-24-2019
05:59 AM
...atching is done. However, I have had varied results with anomalousvalues and anomalydetection. Currently I am using a combination of both. My concern however is, suppose we have 4 hosts under one s...
07-01-2015
12:12 PM
I want to start out with: EventIdentifier=4624 | AnomalousValue "Workstation Name"
...but this search returns an error. What am I doing wrong here? It's like Splunk doesn't know what the "W...
12-28-2019
08:48 AM
Hi
I have log file like this:
09:04:04.042 module1: F[6]L: IN
09:04:01.417 module1: F[6]L: OUT
09:04:01.418 module4: F[6]L: IN
09:04:01.419 module4: F[6]L: OUT
09:04:01.420 module12: F[6]L:...
08-18-2014
12:10 PM
1 Karma
Besides the obvious things of looking for rare field values...
what are all the list of anomaly searches you use to find
unexpected events?
How do you limit false positives, or uninterest...
07-23-2013
08:41 AM
2 Karma
The documentation has not been much help all I really want is to start learning how to use it. Every time I try to use one of the example searches (or at least a version specific to my logs) I get: "...
12-07-2016
01:30 AM
I have a field called capacity. I want to enable anomaly detection whenever there is a change in value of capacity (increments or decrements). So, if capacity value for a source "A" is "10" at 7th de...
3 weeks ago
Hi all, I have a table and I need to highlight the values that are greater than lets say 5 in a line graph. how to select only those specific values into search
Labels
- Labels:
-
count
08-30-2012
05:49 AM
I have a field called 'err_msg' this field contains a long line which consists of the error as well as the file name and other details surrounding that error. What I'm looking for is the ability to d...
- Tags:
- search-help
