Search Reference

Version

Welcome

Search Overview

Search Commands

Custom Search Commands

anomalousvalue

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Synopsis
Syntax
Arguments
Description
Examples
See also

anomalousvalue

Synopsis

Finds and summarizes irregular, or uncommon, search results.

Syntax

anomalousvalue [anovalue-action-option] [anovalue-pthresh-option]

Arguments

anovalue-action-option: Syntax:; Description:

anovalue-pthresh-option: Syntax:; Description:

Description

Identifies or summarizes the values in the data that are anomalous either by frequency of occurrence or number of standard deviations from the mean.

Examples

Example 1: Return events with uncommon values.

... | anomalousvalue action=filter pthresh=0.02

Example 2: Return uncommon values from the host "reports".

host="reports" | anomalousvalue action=filter pthresh=0.02

Example 3: Return only uncommon values.

... | anomalousvalue

See also

af, analyzefields, anomalies, cluster, kmeans, outlier

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.5/SearchReference/Anomalousvalue"

« anomalies append »

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!