Prelert Anomaly Detective App for Splunk

Prelert's® Anomaly Detective® App uses advanced predictive analytics to extend Splunk® Enterprise and Splunk® Cloud, enabling highly accurate real-time alerts without the need to set thresholds. Supports Hunk® and Splunk® Enterprise Security.

Dashboards included:

* QuickMode - quickly converts your existing timechart searches into ongoing, proactive anomaly searches
* Real-Time - detect developing anomalies using continuous background anomaly searches
* Compare - compare the results of two searches run at different times
* AutoDetect - extend an ad-hoc Splunk search with on-the-fly anomaly detection
* Categorize - automatically categorizes raw text fields based on similarity of text strings
* Operational Dashboard - visualize results of Real-Time anomaly searches in a heads-up display

Current version: v3.5.8 - changelog:

Unsupervised machine learning (self-learning) techniques analyze the fields, rates and values of your data and build a model of the normal behavior of your environment. These models are then used to identify anomalous behavior. When an issue develops, Anomaly Detective highlights the data directly related to that issue.

Installs onto Splunk search head(s) as a 100% native app - no external servers/systems required.

Common Use-Cases:

* IT Ops / APM
  * Alerting on response times without thresholds
  * Detecting spikes in error counts by type
* Security
  * Detecting brute-force attacks / DDoS
  * Detecting changes in outbound proxy traffic to prevent misuse / data leakage

Community Supported

Built by Prelert Support