cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sebastien07
Engager
Member since: ‎06-15-2023
‎06-15-2023
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-15-2023
View All

Re: Add a MLTK Visualization to a splunk dashboard

by in Dashboards & Visualizations
‎06-15-2023 06:20 AM
‎06-15-2023 06:20 AM
I think this could work. I'm not used to working with the XML editor for dashboards. Any idea why this would fail to spit out the results? <dashboard version="1.1"> <label>test-webtraffic</label> <row> <chart> <search> <query>index=xxx sourceServiceName="xxx" cn1="xxx" | bucket _time span=1h | stats count by _time | sort - count | eventstats median("count") as median | eval absDev=(abs('count' -median)) | eventstats median(absDev) as medianAbsDev | eval lowerBound=(median-medianAbsDev*exact(8)), upperBound=(median+medianAbsDev*exact(8)) | eval isOutlier=if('count' &lt; lowerBound OR 'count' &gt; upperBound, 1, 0) | fields _time, "count", lowerBound, upperBound, isOutlier, * </query> <earliest>-24h@h</earliest> <latest>now</latest> </search> <viz type="Splunk_ML_Toolkit.OutliersViz"></viz> </chart> </row> </dashboard> ... View more

Re: Add a MLTK Visualization to a splunk dashboard

by in Dashboards & Visualizations
‎06-15-2023 05:55 AM
‎06-15-2023 05:55 AM
Also would like to try that, but i can't find the name of the outlier's chart to use for the SimpleXML     ... View more

How to add a MLTK Visualization to a Splunk dashbo...

by in Dashboards & Visualizations
‎06-15-2023 05:48 AM
‎06-15-2023 05:48 AM
I would like to add an outliers' chart from the Machine learning visualizations to my splunk dashboard. The visualization itself is not available in the dashboard studio, and I can't find any documentations for it. Running my query in the search tab works fine because it detects what visualization i want to use automatically. My query:        index=xxx sourceServiceName="xxx" cn1="xxx" | bucket _time span=1h | stats count by _time | sort - count | eventstats median("count") as median | eval absDev=(abs('count'-median)) | eventstats median(absDev) as medianAbsDev | eval lowerBound=(median-medianAbsDev*exact(8)), upperBound=(median+medianAbsDev*exact(8)) | eval isOutlier=if('count' < lowerBound OR 'count' > upperBound, 1, 0) | fields _time, "count", lowerBound, upperBound, isOutlier, *         I tried replacing fields with "table" but wouldn't fix it. Any help is appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-15-2023 10:35 AM