app.session.schedule_clicked |
Information entered in the "Schedule" modal in the Job Dashboard. |
{
component: app.session.schedule_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
rowData: {
alertExpiresTimeUnit: h
alertExpiresValue: 24
cronSchedule:
description: got5 milk?
emailTo: wdeaderick@splunk.com
name: got5 milk?
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.878 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: b83a31f5-1028-6ca8-dac6-94c2985e0caa
experienceID: 5efc3c69-0a78-611b-7c34-c641e2597d80
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678991871
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.manage_alert_clicked |
When a user clicks "Manage alert" in Anomaly app. |
{
"optInRequired": 3,
"version": "4",
"experienceID": "dd4a1aa8-13ba-84dc-2386-0de9174cb1d9",
"timestamp": 1678237020,
"visibility": "anonymous,support",
"userID": "3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc",
"deploymentID": "c551ac66-1d97-5dc7-98ac-634bcc99ebee",
"component": "app.session.manage_alert_clicked",
"splunkVersion": "9.0.3",
"eventID": "84ddf59b-5c41-1bca-03c9-490c973dfafa",
"data": {
"app": "Splunk_App_for_Anomaly_Detection",
"page": "start",
"rowData": {
"numOfAnomConditionValue": "1",
"confConditionSymbol": ">=",
"confConditionValue": "0.82",
"alertExpiresTimeUnit": "h",
"alertExpiresValue": "24",
"cronSchedule": "15 * * * *",
"description": "Tel test2 desc",
"search": "| inputlookup kpi.csv \n| dedup _time\n| sort _time\n| fit StateSpaceForecast input period=24 as preds\n| anomconfidences field_name=input pred_name=preds conf_name=anomConf\n| eval thresh = 0.878\n| eval isOutlier = if(anomConf >= thresh, 1, 0)\n| anomintervals field_name=input conf_name=anomConf anom_name=isOutlier\n| table _time, input, isOutlier, anomConf",
"emailMsg": "The alert condition was triggered.",
"name": "Tel test2",
"emailSubject": "Splunk Alert: Tel test2",
"emailTo": "dchang@splunk.com",
"numOfAnomConditionSymbol": ">="
},
"source": "UI Telemetry"
}
}
|
app.session.app_go_to_tab |
The tab ("Job Dashboard" or "Create a New Job") to which the user changed. |
{
component: app.session.new_job_go_to_tab
data: {
activePanelId: Create Anomaly Job
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: d6e4950f-2806-a4f2-82bb-6f4268372b7f
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678908071
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.field_selected |
The name of the field in the user's data that was selected for anomaly detection. |
{
component: app.session.field_selected
data: {
app: Splunk_App_for_Anomaly_Detection
field: ts15
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 198d7451-bbcc-815e-513a-5a9fd7a429d6
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678914715
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.alert_trigger_saved |
The information that evaluates the detected anomalies against the alerting conditions to determine whether or not an email should be sent. |
{
component: app.session.alert_trigger_saved
data: {
app: Splunk_App_for_Anomaly_Detection
data: {
action.email.mailserver: mail.splunk.com
action.email.message.alert: The alert condition was triggered.
action.email.subject: Splunk Alert: Tel test2
action.email.to: dchang@splunk.com
actions: email
alert.expires: 24h
alert_condition: | delta isOutlier as outlierDelta | eval isFirstOutlier=if(outlierDelta == 1, 1, 0) | where isFirstOutlier == 1 | eventstats count as outlierCount | sort 1 anomConf desc | stats min(anomConf) as minAnomConf by outlierCount | search outlierCount >= 1 AND minAnomConf >= 0.82
alert_type: custom
is_scheduled: true
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.878 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
}
name: Tel test2
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 39b03015-8009-841e-03d4-e9231847ecb3
experienceID: dd4a1aa8-13ba-84dc-2386-0de9174cb1d9
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678237006
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.new_job_go_to_tab |
The tab ("Job Dashboard" or "Create a New Job") to which the user changed. |
{
component: app.session.new_job_go_to_tab
data: {
activePanelId: Create Anomaly Job
app: Splunk_App_for_Anomaly_Detection
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: d6e4950f-2806-a4f2-82bb-6f4268372b7f
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678908071
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.schedule_saved |
The scheduling details that the user entered for the Job execution. |
{
component: app.session.schedule_saved
data: {
app: Splunk_App_for_Anomaly_Detection
data: {
cron_schedule: */5 * * * *
}
page: start
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 9ab7237b-4f3b-7b3c-22c8-155256e2c18c
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678919796
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.new_job_saved |
Saving of a new job in the app. |
{
component: app.session.new_job_saved
data: {
app: Splunk_App_for_Anomaly_Detection
jobFormDetails: [
{
label: Job Name
value: got5 milk?
}
{
label: Job Description
value: got5 milk?
}
]
page: start
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.878 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 34312936-ed61-0eb1-fe2a-e88d62e1897d
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678908197
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_job_clicked |
User deleted a job. |
{
component: app.session.delete_job_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
rowData: {
alertExpiresTimeUnit: h
alertExpiresValue: 24
cronSchedule:
description: got4 milk?
emailTo:
name: got4 milk?
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.878 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 87e8cbd2-58c3-e775-b6cc-9df8d3b4cc90
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678910922
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.detect_anomalies_clicked |
User clicked on the "Detect Anomalies" button to initiate anomaly detection. |
{
component: app.session.detect_anomalies_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
search: | inputlookup kpi.csv | dedup _time | sort _time | table _time input | fit AutoAnomalyDetection input
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: c2d959ca-b930-6ccc-5ec9-cf747fbd06b6
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678908083
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.sensitivity_saved |
The sensitivity value (low, medium, or high) selected by the user upon operationalization of the AD search. |
{ [
component: app.session.sensitivity_saved
data: { [
app: Splunk_App_for_Anomaly_Detection
page: start
sensitivity: 2
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 42ea2afb-57c6-326c-dfcf-2b0504856947
experienceID: ffc7e5a5-44dc-92ec-ffbd-e34b1dae7a62
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1677867058
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.create_job_open_in_search_clicked |
User clicked on the button to open the SPL query in search from within the "Create Job" dialog. |
{
component: app.session.create_job_open_in_search_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.6681 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 87877205-355b-f3f8-2c9e-30bda02fc50e
experienceID: ffc7e5a5-44dc-92ec-ffbd-e34b1dae7a62
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1677867086
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.view_spl_clicked |
User clicked on the button to open the SPL query in search from the main AD workflow UI. |
{
component: app.session.view_spl_clicked
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.6681 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: 0e7f77ee-a5ad-a78b-0d7d-85079cd7265e
experienceID: ffc7e5a5-44dc-92ec-ffbd-e34b1dae7a62
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1677867088
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_job_successful |
Deleting a job was successful. |
{
component: app.session.delete_job_successful
data: {
app: Splunk_App_for_Anomaly_Detection
page: start
rowData: {
alertExpiresTimeUnit: h
alertExpiresValue: 24
cronSchedule:
description: got4 milk?
emailTo:
name: got4 milk?
search: | inputlookup kpi.csv | dedup _time | sort _time | fit StateSpaceForecast input period=24 as preds | anomconfidences field_name=input pred_name=preds conf_name=anomConf | eval thresh = 0.878 | eval isOutlier = if(anomConf >= thresh, 1, 0) | anomintervals field_name=input conf_name=anomConf anom_name=isOutlier | table _time, input, isOutlier, anomConf
}
source: UI Telemetry
}
deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
eventID: c7c9a89f-40dd-cbfa-d47f-84909faf0cfd
experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
optInRequired: 3
splunkVersion: 9.0.3
timestamp: 1678910922
userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
version: 4
visibility: anonymous,support
}
|
app.session.delete_model_artifact_successful |
Deleting model artifacts associated with a job that was deleted was successful. |
{
component: app.session.delete_model_artifact_successful
data: {
app: Splunk_App_for_Anomaly_Detection
cronSchedule:
page: start
rowData: {
alertExpiresTimeUnit: h
alertExpiresValue: 24
}
source: UI Telemetry
}
deploymentID: 821a4186-5c1e-5c26-bc39-355b7a6d8559
eventID: a8174b63-e49c-ffc8-a560-a87ce2bcdcf4
experienceID: 079cf05d-ff0a-cf56-09ed-61499468e16b
optInRequired: 3
splunkVersion: 9.0.1
timestamp: 1680287440
userID: e0c7c133de97dccf5e30df7e77afb4c27de23536979fa897c36534b7c2b36fab
version: 4
visibility: anonymous,support
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The data health check result. For example, if data contains missing values, or timestamps are unevenly spaced. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 3
message: Health check score: 2; No data quality issues detected.
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 7755BDFD-3BD5-4FA7-9D07-8EE044B378C3
executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
optInRequired: 3
timestamp: 1678880187
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The number of anomalies/ anomalous intervals detected in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 5
message: 1 anomalous interval(s) found.
}
deploymentID: db49a47c-7c97-544e-9236-f5e2f7547600
eventID: C09FA2A1-A9F4-498F-9DD4-D6050FFACD00
executionID: 46D024B4-E1EA-4394-BB47-966D92C731C0
optInRequired: 3
timestamp: 1678895466
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The length of the seasonal/periodic component (if one is found) in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Detected seasonal period length: 1
}
deploymentID: a676d989-ba85-599f-91c2-9cb0c16722ed
eventID: 9A7BBCAC-B0CE-48E5-A4FD-52FE37763AB2
executionID: 15BA56B4-06DD-4420-A86A-D2BA2496EA1B
optInRequired: 3
timestamp: 1678876382
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Whether the user is running the app with Splunk preinstalled dataset or with their own data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Using our included inputlookup data
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: DA0A3667-BF04-4427-8F77-339AB11079A2
executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
optInRequired: 3
timestamp: 1678880187
type: aggregate
visibility: [
anonymous
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The top and bottom 5 anomaly confidence scores found in the data. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Top 5 anomConfs: [0.9433 0.8127 0.7784 0.7269 0.7113]
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: F939CAC7-E468-4490-9915-BA448068533D
executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
optInRequired: 3
timestamp: 1678880187
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
How long our custom algorithm took to run. Encompasses all backend computation other than the SPL query execution time. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Total execution time in seconds for `fit AutoAnomalyDetection` call: 0.5578451156616211
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 813454ED-EDF5-488E-8BE2-00E3B64F5D01
executionID: A2D51B94-F483-4367-AB4A-FA92B6DC5597
optInRequired: 3
timestamp: 1678972625
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
The data resolution. The spacing between timestamps, in number of seconds. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Data resolution: 3600.0 seconds.
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 813454ED-EDF5-488E-8BE2-00E3B64F5D01
executionID: A2D51B94-F483-4367-AB4A-FA92B6DC5597
optInRequired: 3
timestamp: 1678972625
type: aggregate
visibility: [
]
}
|
app.Splunk_App_for_Anomaly_Detection.anomalyapp |
Range of the data values. Number of orders of magnitude between highest and lowest value. |
{
app: Splunk_App_for_Anomaly_Detection
component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
data: {
count: 1
message: Data varies over 0.5844700114060526 orders of magnitude.
}
deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
eventID: 813454ED-EDF5-488E-8BE2-00E3B64F5D01
executionID: A2D51B94-F483-4367-AB4A-FA92B6DC5597
optInRequired: 3
timestamp: 1678972625
type: aggregate
visibility: [
]
}
|