All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to use the Machine Learning Toolkit to check for outliers in multiple "streams" of data?

xander517
New Member
‎01-17-2017 08:58 AM

I've looked through the examples provided with the Machine Learning Toolkit app and was wondering if anyone has used the MLT to detect outliers in Splunk log traffic, or a similar data set where there are multiple simultaneous streams of data of interest. The "Detect Numeric Outliers" example does exactly what I want, but I can only use it on one "stream" of data at a time. I've used it successfully on a single index of interest in my data, but I'd like to monitor multiple indexes simultaneously to keep a better eye on my data.

The graph generated in the provided example, with the upper/lower bound interval and outliers clearly displayed along with the data, is helpful but not necessary. Ideally I would receive an email with "indexes of interest", along with limited historical data/traffic info for context in potentially taking action on an issue.

I currently have a search that does this manually, but it is quite crude and I'd like to take advantage of Splunk's internal ML capabilities for scalability.

Thank you in advance!

0 Karma
Reply

sslepian_splunk
Splunk Employee
Splunk Employee
‎01-17-2017 10:50 AM

There's no built-in way to keep track of multiple data streams at the same time with the "Detect Numeric Outliers" assistant as it ships with the app, but it's possible using the building blocks provided by the MLTK. For example, if you would like to receive alerts when a data stream has outliers, you could individually run each stream of data through the "Detect Numeric Outliers" assistant and set up an an alert for it, which would then notify you about outliers on that stream in the fashion of your choosing. You can likewise use the "Outliers Chart" custom visualization to set up a custom dashboard for monitoring multiple streams of data.

Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...