Understaind outlier command + drawing the line whe...

HattrickNZ · ‎02-07-2019

This is my search to recreate the data I am working on:

| makeresults 
  | eval data = "
2019-01-01  98.0;
2019-01-02  98.2;
2019-01-03  98.5;
2019-01-04  98.4;
2019-01-05  98.4;
2019-01-06  98.4;
2019-01-07  98.5;
2019-01-08  98.4;
2019-01-09  98.4;
2019-01-10  98.7;
2019-01-11  98.4;
2019-01-12  98.1;
2019-01-13  98.2;
2019-01-14  98.3;
2019-01-15  98.3;
2019-01-16  98.4;
2019-01-17  98.4;
2019-01-18  98.0;
2019-01-19  97.7;
2019-01-20  98.3;
2019-01-21  98.3;
2019-01-22  98.3;
2019-01-23  98.4;
2019-01-24  98.3;
2019-01-25  98.4;
2019-01-26  98.1;
2019-01-27  98.0;
2019-01-28  98.4;
2019-01-29  98.4;
2019-01-30  98.7;
2019-01-31  98.4;
   " 
  | makemv delim=";" data 
  | mvexpand data
  | rex field=data "(?<Date>\d+-\d+-\d+)\s+(?<kpi1>\d+(\.\d+)?)" 
  | fields + Date kpi1 | fields - _time
  | search kpi1=* 
  | rename Date as _time

If I add | outlier action=remove uselower=true the value on 19th Jan will be removed.

What I am trying to understand is why it is removed. I deally I would like to see the maths behind it, and hopefully that will explain it to me. I have raised a similar/related question here. What I would like to do is be able to draw the line on where the cutoff point is the graph.

Understaind outlier command + drawing the line where it does the removal of points

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability