app.session.schedule_clicked |
Information entered in the "Schedule" modal in the Job Dashboard. |
{ [-]
component: app.session.schedule_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
cronSchedule:
page: start
rowData: { [-]
alertExpiresTimeUnit: h
alertExpiresValue: 24
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 8a67326a-3821-f524-a30d-2bcfd5af315d
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680199458
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.manage_alert_clicked |
Information entered in the "Manage Alert" modal in the Job Dashboard. |
{ [-]
component: app.session.manage_alert_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
cronSchedule: 0 2 * * 3
page: start
rowData: { [-]
alertExpiresTimeUnit: h
alertExpiresValue: 24
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 576ed315-7667-7552-9aeb-fc5ebbab88c0
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680199977
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.app_go_to_tab |
The tab ("Job Dashboard" or "Create a New Job") to which the user changed. |
{ [-]
component: app.session.app_go_to_tab
data: { [-]
activePanelId: Job Dashboard
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 8d4ae192-a139-523c-84e5-bc49afa28758
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678914889
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.field_selected |
Whether the user selected a field for running anomaly detection. |
{ [-]
component: app.session.field_selected
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: b6339b64-c8dc-9b54-562a-d7ed6c61c8be
experienceID: 32bd9ad3-fb06-f2ae-6712-494f26b2c728
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680132382
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.alert_trigger_saved |
The information that evaluates the detected anomalies against the alerting conditions to determine whether or not an email should be sent. |
{ [-]
component: app.session.alert_trigger_saved
data: { [-]
app: Splunk_App_for_Anomaly_Detection
data: { [-]
actions: email
alert.expires: 24h
alert_condition: | delta isOutlier as outlierDelta | eval isFirstOutlier=if(outlierDelta == 1, 1, 0) | where isFirstOutlier == 1 | eventstats count as outlierCount | sort 1 anomConf desc | stats min(anomConf) as minAnomConf by outlierCount | search outlierCount >= 1 AND minAnomConf >= 0.7
alert_type: custom
is_scheduled: true
}
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: eaa05cdb-cb35-bd33-5cf3-743a2a30f2c3
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680199778
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.new_job_go_to_tab |
The tab ("Job Dashboard" or "Create a New Job") to which the user changed. |
{
component: app.session.new_job_go_to_tab
data: {
activePanelId: Create Anomaly Job
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: d6e4950f-2806-a4f2-82bb-6f4268372b7f
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678908071
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.schedule_saved |
The scheduling details that the user entered for the Job execution. |
{ [-]
component: app.session.schedule_saved
data: { [-]
app: Splunk_App_for_Anomaly_Detection
data: { [-]
cron_schedule: 0 2 * * 3
dispatch.earliest_time: -1w
dispatch.latest_time: now
}
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 3bc05666-912f-0905-52ff-9c153df41f3e
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680199564
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.new_job_saved |
Name and description of job created by user. |
{ [-]
component: app.session.new_job_saved
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: fd242723-d376-f176-679a-376265165d67
experienceID: f78ca542-43f1-ff17-c7e8-147f813701a2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680113341
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_job_clicked |
Informs us that the user deleted a job. |
{ [-]
component: app.session.delete_job_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
cronSchedule:
page: start
rowData: { [-]
alertExpiresTimeUnit: h
alertExpiresValue: 24
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 79cf2cd7-b0e9-386d-372b-b260340adaea
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680208681
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.detect_anomalies_clicked |
Informs us that the user clicked on the "Detect Anomalies" button to initiate anomaly detection. |
{ [-]
component: app.session.detect_anomalies_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 27b5eda1-80ab-4017-7f64-87af436c10f8
experienceID: 32bd9ad3-fb06-f2ae-6712-494f26b2c728
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680132394
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.sensitivity_saved |
Informs us of the sensitivity value (low, medium, or high) selected by the user upon operationalization of the AD search. |
{ [
component: app.session.sensitivity_saved
data: { [
app: Splunk_App_for_Anomaly_Detection
page: start
sensitivity: 2
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 42ea2afb-57c6-326c-dfcf-2b0504856947
experienceID: ffc7e5a5-44dc-92ec-ffbd-e34b1dae7a62
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1677867058
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.create_job_open_in_search_clicked |
nforms us that the user clicked on the button to open the SPL query in search from within the "Create Job" dialog. |
{
component: app.session.create_job_open_in_search_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 8824d9f6-c85b-8b6c-220c-9a8747dcf315
experienceID: 18bbe076-9b99-75db-075a-bc54550b5df1
optInRequired: 3
splunkVersion: 9.0.0
timestamp: 1680185851
userID: 959b8bbc98699b81ce13be1e4558b784006b0939fd5a93e6b6b69d5fd77f155a
version: 4
visibility: anonymous,support
}
|
app.session.view_spl_clicked |
Informs us that the user clicked on the button to open the SPL query in search from the main AD workflow UI. |
{ [-]
component: app.session.view_spl_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: c4b829fb-1933-7fa3-3de9-bbf77dfa6b60
experienceID: f78ca542-43f1-ff17-c7e8-147f813701a2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680113283
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_job_successful |
Deleting a job was successful. |
{ [-]
component: app.session.delete_job_successful
data: { [-]
app: Splunk_App_for_Anomaly_Detection
cronSchedule:
page: start
rowData: { [-]
alertExpiresTimeUnit: h
alertExpiresValue: 24
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 5d0b5d8e-1f35-e938-0e89-9a9d156729d5
experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1680208681
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_missing_data_job_successful |
Informs us that the user deleted a missing data job. |
{ [-]
component: app.session.delete_missing_data_job_successful
data: { [-]
alertCondition: | search max_consecutive_missing_vals >= 1
app: Splunk_App_for_Anomaly_Detection
cronSchedule: 15 * * * *
page: start
source: UI Telemetry
}
deploymentID: c529adf3-cc3e-5843-95ef-222183b1bdc5
eventID: 0148a673-c799-a03c-73ec-fcd5455422b3
experienceID: e8c5a086-be1f-b98e-2184-aa81d48eb694
optInRequired: 3
original_timestamp: 1687822106
splunkVersion: 9.0.5
timestamp: 1687822106
userID: 11b935cc0c5729ea1447a6da5669d6b978d38f7805e0376c2de90e5675b21cab
version: 4
visibility: anonymous,support
}
|
app.session.aggregation_selected |
Whether an aggregation method outside of the default (avg) was selected. |
{ [-]
component: app.session.aggregation_selected
data: { [-]
app: Splunk_App_for_Anomaly_Detection
method: median
page: start
source: UI Telemetry
}
deploymentID: f95be205-1ba7-525f-92eb-6da4e70905fd
eventID: 5d26cef4-122c-c2c6-a0b5-f9049f2a3f02
experienceID: b6b196ee-aa3d-f38f-3bc6-6c0f4c69adc4
optInRequired: 3
original_timestamp: 1687994539
splunkVersion: 9.0.4.1
timestamp: 1687994539
userID: 7f6650341a5a634700cde398d1f17fadec3092122a5dcfaad0f206b08b9fba81
version: 4
visibility: anonymous,support
}
|
app.session.time_span_selected |
Whether a time span outside of the default for aggregation was selected. |
{ [-]
component: app.session.time_span_selected
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
timeSpan: 5m
}
deploymentID: f95be205-1ba7-525f-92eb-6da4e70905fd
eventID: 385aaac2-062c-bf1c-612d-0cae5cd90067
experienceID: b6b196ee-aa3d-f38f-3bc6-6c0f4c69adc4
optInRequired: 3
original_timestamp: 1687994534
splunkVersion: 9.0.4.1
timestamp: 1687994534
userID: 7f6650341a5a634700cde398d1f17fadec3092122a5dcfaad0f206b08b9fba81
version: 4
visibility: anonymous,support
}
|
app.session.updated_job_saved |
The user clicked save job after editing information. |
component: app.session.updated_job_saved
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 0ade0e64-8665-bda5-115c-9885308bafee
experienceID: 867a87f1-72a6-989a-0211-3fb5152f6ad1
optInRequired: 3
original_timestamp: 1687458445
splunkVersion: 9.0.3
timestamp: 1687458445
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
|
app.session.job_dashboard_open_in_search_clicked |
The user clicked to open the SPL query associated with the job in search. |
{ [-]
component: app.session.job_dashboard_open_in_search_clicked
data: { [-]
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: 1b9cf9b0-a283-51cf-869f-898a26801ea0
eventID: f329dc9b-8c03-15d1-7af1-40b0271b421a
experienceID: 2b517c1d-6ee9-c299-8610-ab5e4e6b17d3
optInRequired: 3
original_timestamp: 1682099162
timestamp: 1682099162
userID: 60dbb3421d0ea2d90eb8b9ce1e80f198c34adc8869436c4cd508916a857d4d87
version: 4
visibility: anonymous,support
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The time policy score. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 2
message: Time Policy Score: 0.9260099659107661
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 0DEF66C3-2195-47DA-89D2-35AEF2628C1F
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [
anonymous
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The number of anomalies/ anomalous intervals detected in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 2
message: Number of anomalies detected: 280
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 0762117C-BD48-4813-8D88-7A0D9B1FDA0B
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [
anonymous
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The length of the seasonal/periodic component (if one is found) in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Detected seasonal period length: 1
}
deploymentID: a676d989-ba85-599f-91c2-9cb0c16722ed
eventID: 9A7BBCAC-B0CE-48E5-A4FD-52FE37763AB2
executionID: 15BA56B4-06DD-4420-A86A-D2BA2496EA1B
optInRequired: 3
timestamp: 1678876382
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Whether the user is running the app with Splunk preinstalled dataset or with their own data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Using our included inputlookup data
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: DA0A3667-BF04-4427-8F77-339AB11079A2
executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
optInRequired: 3
timestamp: 1678880187
type: aggregate
visibility: [
anonymous
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The top and bottom 5 anomaly confidence scores found in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Top 5 anomConfs: [0.9433 0.8127 0.7784 0.7269 0.7113]
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: F939CAC7-E468-4490-9915-BA448068533D
executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
optInRequired: 3
timestamp: 1678880187
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
How long our custom algorithm took to run. Encompasses all backend computation other than the SPL query execution time. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Total execution time in seconds for `fit AutoAnomalyDetection` call: 0.5578451156616211
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 813454ED-EDF5-488E-8BE2-00E3B64F5D01
executionID: A2D51B94-F483-4367-AB4A-FA92B6DC5597
optInRequired: 3
timestamp: 1678972625
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Whether the user's data is evenly-spaced, and if so, what the resolution is. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 2
message: Time series evenly-spaced with resolution 300.0 seconds.
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 8AC067E3-91A4-474A-A2E1-03C8DD37818B
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Whether or not the ensemble chose to use ADESCA algo. |
{ [-]
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: { [-]
count: 2
message: Using ADESCA: True
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 49A5C6DF-85CD-4F4B-83EA-93D13F43F4F2
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [ [+]
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The number of missing/non-numeric values that were imputed. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 2
message: Number of imputed values = 0
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 642AF933-7388-4349-A7CF-78FB1E1D89F0
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [ [+]
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Number of anomalies detected that are non-contiguous. |
{ [-]
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: { [-]
count: 1
message: Number of non-continous anomalies detected: 2
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 9181E253-A2EF-47EC-9987-114592710EEB
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Example timestamps. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 2
message: Example timestamps: 2014-04-01 00:00:00, 2014-04-14 23:55:00
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 2507E555-D79B-4AB5-9AF0-D709607CB83A
executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
optInRequired: 3
original_timestamp: 1687984621
timestamp: 1687984621
type: aggregate
visibility: [
anonymous
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Number of points in input time series. |
{ [-]
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: { [-]
count: 2
message: Input series length (excluding missing/NaN values) = 4032
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 3809676E-A7BD-44E6-87A2-7068EE64271B
executionID: 212F3ACB-C03F-487A-A122-5753ADCAE277
optInRequired: 3
original_timestamp: 1687996141
timestamp: 1687996141
type: aggregate
visibility: [ [+]
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Value of sensitivity parameter provided by the user. |
{ [-]
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: { [-]
count: 4
message: Sensitivity Parameter: 1
}
deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
eventID: 5198FC63-5432-4B45-80B4-1D5C16BD137E
executionID: 667E9DDD-E851-4A0E-9A4F-3B9108C5056F
optInRequired: 3
original_timestamp: 1688002812
timestamp: 1688002812
type: aggregate
visibility: [ [+]
]
}
|