Understanding Insights

An Insight is a collection of anomalies which can be manually or automatically created. They tell the story of your data.

There are three types of Insight:

  • Influencer Insights - automatically created by an Insight Monitor, these are a collection of anomalies that share the same influencer
  • Bucket Insights - automatically created by an Insight Monitor, these are a collection of anomalies that occur close in time regardless of influencer
  • User Insights - manually created by adding anomalies to the Clipboard

Creating automatic Insights

Insight monitors are implemented as Splunk scheduled searches, that periodically review the results of Prelert anomaly searches. The Insight monitor configuration defines when Insights will be created. This differs depending upon whether or not an Insight is based on bucket information or share a common influencer.

Influencer Insights