Splunk_Deploiement/apps/Splunk_ML_Toolkit/README/savedsearches.conf.spec

#   Version 7.0.2
#
# This file contains possible attribute/value pairs for saved search entries in
# savedsearches.conf.  You can configure saved searches by creating your own
# savedsearches.conf.
#
# There is the default savedsearches.conf in $SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit/default. To
# set custom configurations, place a savedsearches.conf in
# $SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit/local/.  You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

[default]
args.mltk.experiment = [0|1]
* default to 0
* If it sets to true, the saved search is a MLTK experiment type of saved search (schedule training or alert).

args.mltk.experiment.alert.actualField = <string>
* the field produced by applying the algorithm used in the comparision
* used in condition(s): num_predicted_value, r_squared_value, different_predicted_value

args.mltk.experiment.alert.clusterId = <string>
* default to 0
* used in condition(s): cluster_id_count

args.mltk.experiment.alert.comparator = <string>
* default to '>'
* the operator to use
* used in condition(s): num_outlier_count, num_predicted_value, cluster_id_count, cat_predicted_value

args.mltk.experiment.alert.condition = <string>
* Required
* the custom trigger condition for an experiment alert, can be expanded to have more values.
* Possible values: 'numeric_outlier_count', 'categorical_predicted_value', 'cluster_id_count', 'categorical_outlier_count', 'numeric_predicted_value', 'smart_outlier_detection'.

args.mltk.experiment.alert.count = <string>
* default to 0
* used in condition(s): num_outlier_count, cat_outlier_count

args.mltk.experiment.alert.experimentType = <string>
* Required
* The type of experiment where the alert is generated from
* Possible values:
* 'predict_numeric_fields', 'predict_categorical_fields', 'detect_numeric_outliers', 'detect_categorical_outliers',
* 'forecast_time_series', 'cluster_numeric_events'

args.mltk.experiment.alert.field = <string>
* the field produced by applying the algorithm used in the comparision
* used in condition(s): num_predicted_value, cat_predicted_value, different_predicted_value

args.mltk.experiment.alert.fields = <string>
* default to '[]'
* a list of field names encoded in JSON
* used in condition(s): cat_outlier_count, multi_numeric_predicted_values

args.mltk.experiment.alert.firstCount = <int>
* default to 0
* used in condition(s): cluster_id_count

args.mltk.experiment.alert.firstValue = <int>
* default to 0
* the value to compare to the selected field
* used in condition(s): num_predicted_value

args.mltk.experiment.alert.integerFields = <string>
* default to '[]'
* the possible integer values which the cluster id can have
* used in condition(s): 'cluster_id_range'

args.mltk.experiment.alert.probableCauseFields = <string>
* default to '[]'
* a list of field names encoded in JSON
* used in condition(s): cat_outlier_count

args.mltk.experiment.alert.secondCount = <int>
* default to 0
* used in condition(s): cluster_id_count

args.mltk.experiment.alert.secondValue = <int>
* default to 0
* the value to compare to if the operator requires a second value
* used in condition(s): num_predicted_value

args.mltk.experiment.alert.selectedFields = <string>
* default to '[]'
* a list of values encoded in JSON
* used in condition(s): multi_numeric_predicted_values

args.mltk.experiment.alert.selectProbableCause = [0|1]
* default to 0
* used in condition(s): cat_outlier_count

args.mltk.experiment.alert.type = <string>
* Deprecated, will replaced by experimentType
* the type of alert generated by applying a model
* possible values:
*   NumericValue, CategoricalOutlierCount, CategoricalValue, ClusterEventCount, NumericOutlierCount:

args.mltk.experiment.alert.useMLTKCondition = [0|1]
* default to true
* whether an alert trigger condition uses MLTK specific ones
* If true, this saved search is using a custom trigger condition specific to MLTK Experiments

args.mltk.experiment.alert.values = <string>
* default to '[]'
* a list of values encoded in JSON
* used in condition(s): cat_predicted_value

args.mltk.experiment.title = <string>
* A human readable title of experiment type of saved search, since the original 'name' field is set to uuid.

display.visualizations.custom.Splunk_ML_Toolkit.DistributionViz.showOutliers = [0|1]
* default to 1
* Whether or not to show outliers

display.visualizations.custom.Splunk_ML_Toolkit.DistributionViz.showHistogram = [0|1]
* default to 1
* Whether or not to show the histogram

display.visualizations.custom.Splunk_ML_Toolkit.DistributionViz.showOutlierArea = [0|1]
* default to 1
* Whether or not to show the utlier area

display.visualizations.custom.Splunk_ML_Toolkit.DistributionViz.distributionCount = <int>
* default to 5
* The number of distributions to show on the visualization

display.visualizations.custom.Splunk_ML_Toolkit.ForecastViz.showConfInterval = [0|1]
* default to 1
* Whether or not to show the confidence interval

display.visualizations.custom.Splunk_ML_Toolkit.ForecastViz.legendAlign = ['bottom'|'right'|'left'|'top']
* default to 'bottom'
* Control the legend position

display.visualizations.custom.Splunk_ML_Toolkit.HeatmapViz.highlightDiagonals = [0|1]
* default to 1
* Whether or not to highlight diagonals

display.visualizations.custom.Splunk_ML_Toolkit.HistogramViz.stacking = [0|1]
* default to 1
* Whether or not to show the stacking

display.visualizations.custom.Splunk_ML_Toolkit.HistogramViz.stackingMode = ['normal'|'overlap']
* default to 'normal'
* Show the mode of the stacking

display.visualizations.custom.Splunk_ML_Toolkit.HistogramViz.showLegend = [0|1]
* default to 0
* Whether or not to show the legend

display.visualizations.custom.Splunk_ML_Toolkit.LinesViz.showNavigator = [0|1]
* default to 0
* Whether or not to show the navigator

display.visualizations.custom.Splunk_ML_Toolkit.LinesViz.sortXAxis = [0|1]
* default to 0
* Whether or not to sort the X Axis

display.visualizations.custom.Splunk_ML_Toolkit.OutliersViz.showConfidenceInterval = [0|1]
* default to 1
* Whether or not to show the confidence interval

display.visualizations.custom.Splunk_ML_Toolkit.OutliersViz.showOutlierCount = [0|1]
* default to 1
* Whether or not to show the outlier count

display.visualizations.custom.Splunk_ML_Toolkit.OutliersViz.showOutlierPoints = [0|1]
* default to 1
* Whether or not to show outlier points

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.bgColor = ['auto'|'black'|'white']
* default to 'auto'
* Control the background color

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.showLegend = [0|1]
* default to 1
* Whether or not to show the legend

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.legendOrder = ['numeric'|'default']
* default to 'numeric'
* Control the legendOrder

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.aspectMode = ['auto'|'cube'|'data'|'manual']
* default to 'auto'
* Control the aspect mode

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.xAspectRatio = <string>
* Control the X Aspect Ratio

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.yAspectRatio = <string>
* Control the Y Aspect Ratio

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.zAspectRatio = <string>
* Control the Z Aspect Ratio

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.size = <int>
* default to 8
* Control the size of the marker

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.opacity = <float>
* default to 0.5
* Control the opacity of the marker

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.symbol = ['circle'|'circle-open'|'square'|'square-open'|'diamond'|'diamond-open'|'cross'|'x']
* default to 'circle'
* Control the symbol shape

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.lineWidth = <int>
* default to 0
* Control the line width

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.xTitle = <string>
* Control the X-Axis Label

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.xAxisField = <string>
* default to x
* Control the X-Axis Field

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.yTitle = <string>
* Control the Y-Axis Label

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.yAxisField = <string>
* default to y
* Control the Y-Axis Field

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.zTitle = <string>
* Control the Z-Axis Label

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.zAxisField = <string>
* default to z
* Control the Z-Axis Field

display.visualizations.custom.Splunk_ML_Toolkit.Scatter3dViz.catLimit = <int>
* default to 50
* Control the limit on the number of categorical fields

display.visualizations.custom.Splunk_ML_Toolkit.ScatterLineViz.identityLine = [0|1]
* default to 0
* Whether or not to show the identity line (x=y)

display.visualizations.custom.Splunk_ML_Toolkit.ScatterLineViz.showLegend = [0|1]
* default to 1
* Whether or not to show the legend

display.visualizations.custom.Splunk_ML_Toolkit.ScatterLineViz.legendOrder = ['numeric'|'default']
* default to 'numeric'
* Control the legend order

display.visualizations.custom.Splunk_ML_Toolkit.ScatterLineViz.showAxisLabels = [0|1]
* default to 1
* Whether or not to show axis labels

display.visualizations.custom.Splunk_ML_Toolkit.ScatterLineViz.legendAlign = ['bottom'|'right'|'left'|'top']
* default to 'bottom'
* Control the legend position