I have a use case to use the ML feature to detect the anomaly in comm sent from each ID. I was trying to get the same from the predict function, but there are multiple IDs and I can't set an alert/report individually for all IDs. How can I use the same? Please help.

Query which I am trying:

index=indexhc source=hcdriver sourcetype="assembly" appname="marketing" ID IN (abc,xyz,qtr,jyk,klo,mno,ghr)
| timechart span=1d count as commSent by ID
| predict commSent as predicted_commSent algorithm=LLP holdback=0 future_timespan=24
| eval anamoly_score=if(isnull(predicted_commSent),0,abs(commSent - predicted_commSent))
| table _time,ID,commSent,predicted_commSent,anamoly_score

The above query is not giving any output; it seems the predict command does not work with multiple columns. Please suggest.