I am working on a classification problem in Splunk Machine Learning Toolkit. The data is highly imbalanced. The majority class constitute 99% of the data and the rest is Minority Class. Is there anyway to up sample the minority class in the data or any other methods to add the synthetic data to level the imbalanced classes? ... View more

Can anyone provide the reference/citations of papers which forms the basis of Density Function algorithm in Splunk MLTK 4.4.1? ... View more

I want to access the log files from Web servers, Micro Services, by protocol (HTTP, SOAP, FTP, etc.) or Databases. What are the aggregates which Splunk avails to user via the Splunk interface? (We know about volumes and response time but would like to know other protocols like return codes, etc.) ... View more

In the output of density function algorithm, Is an anomaly is data which depart from “normalcy”? For example, if historical response time (for some web sever, say) is 500 milliseconds, then, is it true that a response of 100 milliseconds be considered an anomaly? Well, 100 milliseconds is “better” than 500 milliseconds, is it not? Sure. It’s different than 500 milliseconds, but it’s better because it’s faster. In other words, is there a “mechanism” in Splunk which precludes tagging that ‘pesky’ 100 milliseconds as ‘anomalous’ event? Sure-sure, 5,000 milliseconds is a bona-fide anomalous. ... View more

In the anomaly detection process, density function algorithm outputs isOutlier field with values 0 (Normal) and 1 (Abnormal) for each data point depending on the KPI behavior and historical data: Is there anyway to calibrate the density function algorithm where the data point can show Normal, Warning and Critical zones based on the severity of the anomaly? How to output the probability densities of the data points and graph them like kernel distributions? ... View more