Share data in the Splunk App for Anomaly Detection

When the Splunk App for Anomaly Detection is deployed on Splunk Enterprise, the Splunk platform sends aggregated usage data to Splunk Inc. ("Splunk") to help improve the Splunk App for Anomaly Detection in future releases. For information about how to opt in or out and how the data is collected, stored, and governed, see Share data in Splunk Enterprise.

What data is collected

The Splunk App for Anomaly Detection collects the following basic usage information:

Component Description Example
app.session.schedule_clicked Information entered in the "Schedule" modal in the Job Dashboard. 
{ [-]
   component: app.session.schedule_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     cronSchedule:
     page: start
     rowData: { [-]
       alertExpiresTimeUnit: h
       alertExpiresValue: 24
     }
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 8a67326a-3821-f524-a30d-2bcfd5af315d
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680199458
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.manage_alert_clicked Information entered in the "Manage Alert" modal in the Job Dashboard. 
{ [-]
   component: app.session.manage_alert_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     cronSchedule: 0 2 * * 3
     page: start
     rowData: { [-]
       alertExpiresTimeUnit: h
       alertExpiresValue: 24
     }
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 576ed315-7667-7552-9aeb-fc5ebbab88c0
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680199977
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.app_go_to_tab The tab ("Job Dashboard" or "Create a New Job") to which the user changed. 
{ [-]
   component: app.session.app_go_to_tab
   data: { [-]
     activePanelId: Job Dashboard
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 8d4ae192-a139-523c-84e5-bc49afa28758
   experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1678914889
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.field_selected Whether the user selected a field for running anomaly detection. 
{ [-]
   component: app.session.field_selected
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: b6339b64-c8dc-9b54-562a-d7ed6c61c8be
   experienceID: 32bd9ad3-fb06-f2ae-6712-494f26b2c728
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680132382
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.alert_trigger_saved The information that evaluates the detected anomalies against the alerting conditions to determine whether or not an email should be sent. 
{ [-]
   component: app.session.alert_trigger_saved
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     data: { [-]
       actions: email
       alert.expires: 24h
       alert_condition: | delta isOutlier as outlierDelta | eval isFirstOutlier=if(outlierDelta == 1, 1, 0) | where isFirstOutlier == 1 | eventstats count as outlierCount | sort 1 anomConf desc | stats min(anomConf) as minAnomConf by outlierCount | search outlierCount >= 1 AND minAnomConf >= 0.7
       alert_type: custom
       is_scheduled: true
     }
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: eaa05cdb-cb35-bd33-5cf3-743a2a30f2c3
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680199778
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.new_job_go_to_tab The tab ("Job Dashboard" or "Create a New Job") to which the user changed. 
{ 
   component: app.session.new_job_go_to_tab
   data: { 
     activePanelId: Create Anomaly Job
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: d6e4950f-2806-a4f2-82bb-6f4268372b7f
   experienceID: e3567a53-e173-e2df-2d85-e4911b77d2b2
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1678908071
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.schedule_saved The scheduling details that the user entered for the Job execution. 
{ [-]
   component: app.session.schedule_saved
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     data: { [-]
       cron_schedule: 0 2 * * 3
       dispatch.earliest_time: -1w
       dispatch.latest_time: now
     }
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 3bc05666-912f-0905-52ff-9c153df41f3e
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680199564
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.new_job_saved Name and description of job created by user. 
{ [-]
   component: app.session.new_job_saved
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: fd242723-d376-f176-679a-376265165d67
   experienceID: f78ca542-43f1-ff17-c7e8-147f813701a2
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680113341
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.delete_job_clicked Informs us that the user deleted a job. 
{ [-]
   component: app.session.delete_job_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     cronSchedule:
     page: start
     rowData: { [-]
       alertExpiresTimeUnit: h
       alertExpiresValue: 24
     }
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 79cf2cd7-b0e9-386d-372b-b260340adaea
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680208681
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.detect_anomalies_clicked Informs us that the user clicked on the "Detect Anomalies" button to initiate anomaly detection. 
{ [-]
   component: app.session.detect_anomalies_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 27b5eda1-80ab-4017-7f64-87af436c10f8
   experienceID: 32bd9ad3-fb06-f2ae-6712-494f26b2c728
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680132394
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.sensitivity_saved Informs us of the sensitivity value (low, medium, or high) selected by the user upon operationalization of the AD search. 
{ [
   component: app.session.sensitivity_saved
   data: { [
     app: Splunk_App_for_Anomaly_Detection
     page: start
     sensitivity: 2
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 42ea2afb-57c6-326c-dfcf-2b0504856947
   experienceID: ffc7e5a5-44dc-92ec-ffbd-e34b1dae7a62
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1677867058
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.create_job_open_in_search_clicked nforms us that the user clicked on the button to open the SPL query in search from within the "Create Job" dialog. 
{
   component: app.session.create_job_open_in_search_clicked
   data: { 
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
   eventID: 8824d9f6-c85b-8b6c-220c-9a8747dcf315
   experienceID: 18bbe076-9b99-75db-075a-bc54550b5df1
   optInRequired: 3
   splunkVersion: 9.0.0
   timestamp: 1680185851
   userID: 959b8bbc98699b81ce13be1e4558b784006b0939fd5a93e6b6b69d5fd77f155a
   version: 4
   visibility: anonymous,support
}
app.session.view_spl_clicked Informs us that the user clicked on the button to open the SPL query in search from the main AD workflow UI. 
{ [-]
   component: app.session.view_spl_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: c4b829fb-1933-7fa3-3de9-bbf77dfa6b60
   experienceID: f78ca542-43f1-ff17-c7e8-147f813701a2
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680113283
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.delete_job_successful Deleting a job was successful. 
{ [-]
   component: app.session.delete_job_successful
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     cronSchedule:
     page: start
     rowData: { [-]
       alertExpiresTimeUnit: h
       alertExpiresValue: 24
     }
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 5d0b5d8e-1f35-e938-0e89-9a9d156729d5
   experienceID: e846f8bf-600d-d111-c9f7-4ad48c976acd
   optInRequired: 3
   splunkVersion: 9.0.3
   timestamp: 1680208681
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
}
app.session.delete_missing_data_job_successful Informs us that the user deleted a missing data job. 
{ [-]
   component: app.session.delete_missing_data_job_successful
   data: { [-]
     alertCondition: | search max_consecutive_missing_vals >= 1
     app: Splunk_App_for_Anomaly_Detection
     cronSchedule: 15 * * * *
     page: start
     source: UI Telemetry
   }
   deploymentID: c529adf3-cc3e-5843-95ef-222183b1bdc5
   eventID: 0148a673-c799-a03c-73ec-fcd5455422b3
   experienceID: e8c5a086-be1f-b98e-2184-aa81d48eb694
   optInRequired: 3
   original_timestamp: 1687822106
   splunkVersion: 9.0.5
   timestamp: 1687822106
   userID: 11b935cc0c5729ea1447a6da5669d6b978d38f7805e0376c2de90e5675b21cab
   version: 4
   visibility: anonymous,support
}
app.session.aggregation_selected Whether an aggregation method outside of the default (avg) was selected. 
{ [-]
   component: app.session.aggregation_selected
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     method: median
     page: start
     source: UI Telemetry
   }
   deploymentID: f95be205-1ba7-525f-92eb-6da4e70905fd
   eventID: 5d26cef4-122c-c2c6-a0b5-f9049f2a3f02
   experienceID: b6b196ee-aa3d-f38f-3bc6-6c0f4c69adc4
   optInRequired: 3
   original_timestamp: 1687994539
   splunkVersion: 9.0.4.1
   timestamp: 1687994539
   userID: 7f6650341a5a634700cde398d1f17fadec3092122a5dcfaad0f206b08b9fba81
   version: 4
   visibility: anonymous,support
}
app.session.time_span_selected Whether a time span outside of the default for aggregation was selected. 
{ [-]
   component: app.session.time_span_selected
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
     timeSpan: 5m
   }
   deploymentID: f95be205-1ba7-525f-92eb-6da4e70905fd
   eventID: 385aaac2-062c-bf1c-612d-0cae5cd90067
   experienceID: b6b196ee-aa3d-f38f-3bc6-6c0f4c69adc4
   optInRequired: 3
   original_timestamp: 1687994534
   splunkVersion: 9.0.4.1
   timestamp: 1687994534
   userID: 7f6650341a5a634700cde398d1f17fadec3092122a5dcfaad0f206b08b9fba81
   version: 4
   visibility: anonymous,support
}
app.session.updated_job_saved The user clicked save job after editing information. 
component: app.session.updated_job_saved
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: c551ac66-1d97-5dc7-98ac-634bcc99ebee
   eventID: 0ade0e64-8665-bda5-115c-9885308bafee
   experienceID: 867a87f1-72a6-989a-0211-3fb5152f6ad1
   optInRequired: 3
   original_timestamp: 1687458445
   splunkVersion: 9.0.3
   timestamp: 1687458445
   userID: 3dd53389b7530de43e28ba58dead9cda506df188cf348f24c5984be45bcbd3bc
   version: 4
   visibility: anonymous,support
app.session.job_dashboard_open_in_search_clicked The user clicked to open the SPL query associated with the job in search. 
{ [-]
   component: app.session.job_dashboard_open_in_search_clicked
   data: { [-]
     app: Splunk_App_for_Anomaly_Detection
     page: start
     source: UI Telemetry
   }
   deploymentID: 1b9cf9b0-a283-51cf-869f-898a26801ea0
   eventID: f329dc9b-8c03-15d1-7af1-40b0271b421a
   experienceID: 2b517c1d-6ee9-c299-8610-ab5e4e6b17d3
   optInRequired: 3
   original_timestamp: 1682099162
   timestamp: 1682099162
   userID: 60dbb3421d0ea2d90eb8b9ce1e80f198c34adc8869436c4cd508916a857d4d87
   version: 4
   visibility: anonymous,support
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp The time policy score. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 2
     message: Time Policy Score: 0.9260099659107661
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 0DEF66C3-2195-47DA-89D2-35AEF2628C1F
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ 
     anonymous
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp The number of anomalies/ anomalous intervals detected in the data. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 2
     message: Number of anomalies detected: 280
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 0762117C-BD48-4813-8D88-7A0D9B1FDA0B
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ 
     anonymous
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp The length of the seasonal/periodic component (if one is found) in the data. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 1
     message: Detected seasonal period length: 1
   }
   deploymentID: a676d989-ba85-599f-91c2-9cb0c16722ed
   eventID: 9A7BBCAC-B0CE-48E5-A4FD-52FE37763AB2
   executionID: 15BA56B4-06DD-4420-A86A-D2BA2496EA1B
   optInRequired: 3
   timestamp: 1678876382
   type: aggregate
   visibility: [
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Whether the user is running the app with Splunk preinstalled dataset or with their own data. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 1
     message: Using our included inputlookup data
   }
   deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
   eventID: DA0A3667-BF04-4427-8F77-339AB11079A2
   executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
   optInRequired: 3
   timestamp: 1678880187
   type: aggregate
   visibility: [
     anonymous
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp The top and bottom 5 anomaly confidence scores found in the data. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 1
     message: Top 5 anomConfs: [0.9433 0.8127 0.7784 0.7269 0.7113]
   }
   deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
   eventID: F939CAC7-E468-4490-9915-BA448068533D
   executionID: DEB3F0F8-3319-4B64-807E-581EE9BD2DF4
   optInRequired: 3
   timestamp: 1678880187
   type: aggregate
   visibility: [ 
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp How long our custom algorithm took to run. Encompasses all backend computation other than the SPL query execution time. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 1
     message: Total execution time in seconds for `fit AutoAnomalyDetection` call: 0.5578451156616211
   }
   deploymentID: a2cbe2e4-ae0e-5dd1-9e15-af9aeff49113
   eventID: 813454ED-EDF5-488E-8BE2-00E3B64F5D01
   executionID: A2D51B94-F483-4367-AB4A-FA92B6DC5597
   optInRequired: 3
   timestamp: 1678972625
   type: aggregate
   visibility: [
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Whether the user's data is evenly-spaced, and if so, what the resolution is. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 2
     message: Time series evenly-spaced with resolution 300.0 seconds.
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 8AC067E3-91A4-474A-A2E1-03C8DD37818B
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Whether or not the ensemble chose to use ADESCA algo. 
{ [-]
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { [-]
     count: 2
     message: Using ADESCA: True
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 49A5C6DF-85CD-4F4B-83EA-93D13F43F4F2
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ [+]
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp The number of missing/non-numeric values that were imputed. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 2
     message: Number of imputed values = 0
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 642AF933-7388-4349-A7CF-78FB1E1D89F0
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ [+]
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Number of anomalies detected that are non-contiguous. 
{ [-]
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { [-]
     count: 1
     message: Number of non-continous anomalies detected: 2
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 9181E253-A2EF-47EC-9987-114592710EEB
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ 
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Example timestamps. 
{ 
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { 
     count: 2
     message: Example timestamps: 2014-04-01 00:00:00, 2014-04-14 23:55:00
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 2507E555-D79B-4AB5-9AF0-D709607CB83A
   executionID: 472B0BC6-6C3C-428B-9C45-7F7870CE99CD
   optInRequired: 3
   original_timestamp: 1687984621
   timestamp: 1687984621
   type: aggregate
   visibility: [ 
     anonymous
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Number of points in input time series. 
{ [-]
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { [-]
     count: 2
     message: Input series length (excluding missing/NaN values) = 4032
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 3809676E-A7BD-44E6-87A2-7068EE64271B
   executionID: 212F3ACB-C03F-487A-A122-5753ADCAE277
   optInRequired: 3
   original_timestamp: 1687996141
   timestamp: 1687996141
   type: aggregate
   visibility: [ [+]
   ]
}
app.Splunk_App_for_Anomaly_Detection.anomalyapp Value of sensitivity parameter provided by the user. 
{ [-]
   app: Splunk_App_for_Anomaly_Detection
   component: app.Splunk_App_for_Anomaly_Detection.anomalyapp
   data: { [-]
     count: 4
     message: Sensitivity Parameter: 1
   }
   deploymentID: 5cc4d71a-9684-51cf-9700-c3ac900253a4
   eventID: 5198FC63-5432-4B45-80B4-1D5C16BD137E
   executionID: 667E9DDD-E851-4A0E-9A4F-3B9108C5056F
   optInRequired: 3
   original_timestamp: 1688002812
   timestamp: 1688002812
   type: aggregate
   visibility: [ [+]
   ]
}