I've looked through the examples provided with the Machine Learning Toolkit app and was wondering if anyone has used the MLT to detect outliers in Splunk log traffic, or a similar data set where there are multiple simultaneous streams of data of interest. The "Detect Numeric Outliers" example does exactly what I want, but I can only use it on one "stream" of data at a time. I've used it successfully on a single index of interest in my data, but I'd like to monitor multiple indexes simultaneously to keep a better eye on my data.
The graph generated in the provided example, with the upper/lower bound interval and outliers clearly displayed along with the data, is helpful but not necessary. Ideally I would receive an email with "indexes of interest", along with limited historical data/traffic info for context in potentially taking action on an issue.
I currently have a search that does this manually, but it is quite crude and I'd like to take advantage of Splunk's internal ML capabilities for scalability.
Thank you in advance!
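As an added example, not taken from the post above or from Splunk's own MLTK showcase: one way to run the rolling-window outlier check against every index at once is to bucket event counts per hour per index with `tstats` and let `streamstats ... BY index` keep a separate trailing baseline for each index, so each one gets its own upper and lower bound. The 7-day range, the 24-hour window and the 3-sigma multiplier are assumptions to tune for your data.

```spl
| tstats count WHERE index=* earliest=-7d@h latest=@h BY _time span=1h index
| streamstats window=24 current=false avg(count) AS avg stdev(count) AS stdev BY index
| eval multiplier=3
| eval lowerBound=(avg-stdev*multiplier), upperBound=(avg+stdev*multiplier)
| eval isOutlier=if(count<lowerBound OR count>upperBound, 1, 0)
| where isOutlier=1 AND _time>=relative_time(now(), "-1h@h")
| table _time index count avg stdev lowerBound upperBound
```

Scheduled as an hourly alert that triggers when the result count is greater than zero, the table gives the "indexes of interest" together with the current count and its baseline for the email; dropping the `_time` condition in the final `where` returns the full week of flagged points for historical context.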
In experimenting with sendresults, I noticed that a sparkline is displayed as its raw text in both the Splunk results and the email sent to the designated recipients (formatted as "##_SPARKLINE##,10,1,64..." instead of as the typical green line).
Is anyone aware of sparkline support for sendresults or know a workaround?