Scores events in the input table according to whether the specified column (a double) has a spike. The scores are higher for events that with a spike in the specified column.

Operator Usage in Easy Mode

Click + on the parent node.
Enter the Score Spikes operator in the search field and select the operator from the Results to open the operator form.
In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
In the Column drop-down, enter or select a column to detect spikes over time.
Click Run to view the result.
Click Save to add the operator to the playbook.
Click Cancel to discard the operator form.

Usage Details

LQL Command

scoreSpikes(inputTable, column)

Example

Input

lhub_ts	bytes_in
02/04/2018 06:40:00	256
02/04/2018 06:41:00	256
02/04/2018 06:42:00	256
02/04/2018 06:43:00	256
02/04/2018 06:44:00	1028
02/04/2018 06:45:00	1028
02/04/2018 06:46:00	1028

LQL command

scoreSpikes(table, "bytes_in")

Output

lhub_ts	bytes_in	lhub_score
02/04/2018 06:40:00	256	0.0
02/04/2018 06:41:00	256	0.0
02/04/2018 06:42:00	256	0.0
02/04/2018 06:43:00	256	0.0
02/04/2018 06:44:00	1028	10.0
02/04/2018 06:45:00	1028	0.0
02/04/2018 06:46:00	1028	0.0

Browser not supported