I am trying to use the machine learning toolkit assistant for detecting numerical outliers in transaction response time for multiple targets. I want to treat data set for each target over a period of time separately and apply the algorithm to each set.
I am using this query in the assistant:
index=dc10 sourcetype=ML |timechart useother=f limit=20 span=10m values(resptime) by name
I expect to use the "resptime" field to analyze and split by the "name" field. However this is not working as I expected it to. I am getting the values for "name" in the "Field to analyze" drop down.
I can use it against a single target (name) and it works fine. Is there a way to apply the algorithm in a way that I need? I don't want to write separate queries to create a model for each of the targets.
... View more