About the Splunk App for Anomaly Detection
The Splunk App for Anomaly Detection is a free app you can download from Splunkbase.
The Splunk App for Anomaly Detection finds anomalies in time-series datasets and provides an end-to-end workflow to manage and operationalize anomaly detection tasks. The app detects seasonal patterns and determines all of the optimal parameters automatically.
Using the app you can create anomaly detection jobs, run these jobs on a regular cadence, view SPL queries, and create alerts. The app works with any time-series dataset that can be ingested into the Splunk platform.
The app uses machine learning to detect seasonality in the data without user inputs, lowering the barriers to realizing value. The app also performs health diagnostics on the time-series to check whether the dataset is fit for anomaly detection.
Similar to other Splunk platform applications, the resource consumption of CPU and memory is commensurate with the size of the datasets that you use.
Splunk App for Anomaly Detection features
The following features are included with the Splunk App for Anomaly Detection:
- Built-in data health check and remediation workflow: The app detects whether the input time series has missing data or is unevenly spaced. If the data is unevenly spaced, you see an aggregation capability to create an evenly-spaced time series. If there is missing data, it is filled in using linear interpolation.
- Easy detection sensitivity adjustment: You can easily adjust the detection sensitivity with a simple interface. More (or fewer) anomalies can be intelligently produced to fit your alerting preferences.
- Enhanced anomaly detection algorithm: A new approach to anomaly detection composed of an ensemble of machine learning methods that are invoked alternately depending on whether the input time series has a characteristic seasonality.
- Informative and actionable job dashboard: Easily view and manage job properties, including the sensitivity, the saved search schedule, and the alert actions selected for both anomaly and missing data alerting. Turn any job on or off with one click.
- Expanded alert actions: Create alerts on your saved jobs, including an alert that fires when a chosen number of consecutive data point values are missing.
- Automatic creation of a Search Processing Language (SPL) query: When you create an anomaly detection job, the app writes an SPL query for you that you can view and use elsewhere in the Splunk platform.
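The data health check and the consecutive-missing-data alert described in the list above can be illustrated with a small stand-alone routine. The following is an added example, not code from the Splunk App for Anomaly Detection or its documentation: it detects uneven spacing, aggregates raw points into fixed-width buckets, fills empty buckets by linear interpolation, and flags runs of consecutive missing points. The function names, the one-hour bucket size, the handling of leading or trailing gaps, and the sample data are all assumptions constructed for this example; the app's own internals are not described on this page.

```python
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

Point = Tuple[datetime, Optional[float]]
HOUR = timedelta(hours=1)

# Constructed sample (not real data): unevenly spaced UTC timestamps, with
# nothing recorded between 01:05 and 04:00.
SAMPLE: List[Point] = [
    (datetime(2024, 1, 1, 0, 0, tzinfo=timezone.utc), 10.0),
    (datetime(2024, 1, 1, 0, 20, tzinfo=timezone.utc), 12.0),
    (datetime(2024, 1, 1, 1, 5, tzinfo=timezone.utc), 14.0),
    (datetime(2024, 1, 1, 4, 0, tzinfo=timezone.utc), 20.0),
    (datetime(2024, 1, 1, 5, 0, tzinfo=timezone.utc), 22.0),
]


def is_evenly_spaced(points: List[Point]) -> bool:
    """True when every gap between consecutive timestamps is identical."""
    if len(points) < 3:
        return True
    gaps = [b[0] - a[0] for a, b in zip(points, points[1:])]
    return all(g == gaps[0] for g in gaps)


def aggregate(points: List[Point], span: timedelta) -> List[Point]:
    """Average raw values into fixed-width buckets starting at the first
    timestamp. Empty buckets are kept with value None so gaps stay visible."""
    if not points:
        return []
    start = points[0][0]
    n_buckets = int((points[-1][0] - start) / span) + 1
    sums = [0.0] * n_buckets
    counts = [0] * n_buckets
    for ts, val in points:
        if val is None:
            continue
        idx = int((ts - start) / span)
        sums[idx] += val
        counts[idx] += 1
    return [
        (start + i * span, sums[i] / counts[i] if counts[i] else None)
        for i in range(n_buckets)
    ]


def interpolate_missing(series: List[Point]) -> List[Tuple[datetime, float]]:
    """Fill None values by linear interpolation between the nearest known
    neighbours. A leading or trailing gap has only one neighbour and takes
    that neighbour's value (an assumption made for this example)."""
    known = [i for i, (_, v) in enumerate(series) if v is not None]
    if not known:
        raise ValueError("series has no values to interpolate from")
    out: List[Tuple[datetime, float]] = []
    for i, (ts, v) in enumerate(series):
        if v is not None:
            out.append((ts, v))
            continue
        left = max((k for k in known if k < i), default=None)
        right = min((k for k in known if k > i), default=None)
        if left is None:
            out.append((ts, series[right][1]))
        elif right is None:
            out.append((ts, series[left][1]))
        else:
            lv, rv = series[left][1], series[right][1]
            # Multiply before dividing so exact fractions stay exact.
            out.append((ts, lv + (rv - lv) * (i - left) / (right - left)))
    return out


def longest_missing_run(series: List[Point]) -> int:
    """Length of the longest run of consecutive missing (None) values."""
    longest = run = 0
    for _, v in series:
        run = run + 1 if v is None else 0
        longest = max(longest, run)
    return longest


def should_alert_on_missing(series: List[Point], threshold: int) -> bool:
    """Fire when any run of missing buckets reaches the chosen threshold."""
    return longest_missing_run(series) >= threshold


def health_check(points: List[Point], span: timedelta, missing_threshold: int):
    """Run the whole workflow: make the series evenly spaced if needed, decide
    on the missing-data alert, then return the gap-filled series and the alert."""
    buckets = points if is_evenly_spaced(points) else aggregate(points, span)
    alert = should_alert_on_missing(buckets, missing_threshold)
    return interpolate_missing(buckets), alert


if __name__ == "__main__":
    filled, alert = health_check(SAMPLE, HOUR, missing_threshold=2)
    for ts, v in filled:
        print(ts.isoformat(), round(v, 2))
    print("missing-data alert:", alert)
```

The alert decision is made on the aggregated series before interpolation, because once the gaps are filled the run of missing points is no longer visible; keeping that ordering is what lets a missing-data alert and an anomaly detector operate on the same pipeline.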
Requirements for the Splunk App for Anomaly Detection
In order to successfully run the Splunk App for Anomaly Detection, the following is required:
The Splunk App for Anomaly Detection relies on the PSC add-on, but no ARM-compatible PSC version is available, so the app does not run on Mac M1 or M2 laptops.
- Splunk Enterprise 8.0.0 or higher, or Splunk Cloud Platform.
- Installation of the correct version of the Python for Scientific Computing (PSC) add-on (version 3.0.0 or higher) from Splunkbase.
- Installation of the Splunk Machine Learning Toolkit (MLTK) app version 5.3.0 or higher from Splunkbase.
For specific version information that includes the Splunk App for Anomaly Detection, MLTK, the PSC add-on, Python, and Splunk Enterprise, see Splunk App for Anomaly Detection version matrix.
Install or upgrade the Splunk App for Anomaly Detection
This documentation applies to the following versions of Splunk® App for Anomaly Detection: 1.1.0, 1.1.1, 1.1.2