All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Anomalies detection using Splunk vs R

manishvrmv
New Member
‎03-11-2014 05:14 AM

Hi all,

I have a small numerical dataset to perform anomalies detection. My data contains 177 events and I have imputed 3 records to check anomalies using Splunk and R. I applied LOF algo. in R and find out all 3 events. In splunk, I applied anomalies command and generated unexpectedness score for each event and sorted in decreasing order. I found normal events as anomalous and imputed event comes into 6 place. Even all event found as with very less unexpectedness score.

I am just curious to know whether Splunk perform well with machine learning commands such as anomalies, outliers, cluster etc. one more query i have whether splunk work well with numerical data which contains timpstamp.

Tags (1)
0 Karma
Reply

prelert
Path Finder
‎09-02-2014 08:51 AM

If the dataset is something like:

_time, value
10:00:01, 3.22
10:00:04, 32.22
...

An effective approach to identify anomalies is to create a statistical model of the numerical values, and computing the probability of a specific data value. If the probability is low, then the value is anomalous.

Generally, to accurately model these data and avoid false positives these models needs to be more sophisticated than a simple Normal distribution. In addition, these data are generally periodic and so the models need to allow for daily and weekly patterns.

LOF methods can be effective on static low dimensional datasets, but suffer from similar issues to kernel density functions (overfitting, linear space complexity etc.).

Further details are available here:
http://www.ijmlc.org/papers/398-LC018.pdf

We have built an app to automatically identify anomalies in numeric and categorical data using these techniques:

http://apps.splunk.com/app/1306/

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...