Anomaly Detective® uses advanced predictive analytics to extend Splunk to enable highly accurate real-time alerts without the need to set thresholds.
* QuickMode - quickly converts your existing timechart searches to on-going, proactive anomaly searches
* Real-Time - detect developing anomalies using continuous background anomaly searches
* Compare - use to compare two searches at different times
* AutoDetect - extend an ad-hoc Splunk search with on-the-fly anomaly detection
* Categorize - automatically categorizes raw text fields based on similarity of text strings
* Operational Dashboard - visualize results of Real-Time anomaly searches in a heads-up display
Current version: v3.4.3 - changelog: http://goo.gl/hp34wo
Unsupervised machine learning (self-learning) techniques analyze the fields, rates and values of your data and develop a model of the normal behaviors of your environment. These models are then leveraged to identify anomalous behaviors. When an issue develops, the Anomaly Detective highlights the data directly related to that issue.
Installs onto Splunk search head(s) as a 100% native app - no external servers/systems required.
- IT Ops / APM
- Alerting on response times w/o thresholds
- Detecting spikes in error counts by type
- Detecting Brute force attacks / DDoS
- Detect changes in outbound proxy traffic to prevent misuse / data leakage
- App Installation
- Upgrading App
- System Requirements
- Real-Time configuration
- Alerting on Top Anomalies