Classify Command

Use classify command to cluster properties of groups identified by the link command. This command returns the following details and the minimum and maximum range of the properties analyzed:

Id – Cluster identifier
Group Count – Number of groups within a cluster
Percentage - Percentage of a cluster relative to the cluster distribution
Distance - Distance of a cluster relative to the cluster distribution
Anomaly - Whether a cluster is an anomaly relative to the cluster distribution
Anomaly Baseline - Baselines used for identifying a cluster as an anomaly

Syntax

* | link <field_name> | classify [<classify_options>] <field_name> [, <field_name>] [as
    <new_field_name>]

Parameters

The following table lists the parameters used in this command, along with their descriptions.

Parameter Description

Parameter	Description
`classify_options`	Syntax: `[topcount = <count>] [bottomcount = <count>]` where `count` is the maximum number of clusters to return.

classify_options

Syntax: [topcount = <count>] [bottomcount = <count>]

where count is the maximum number of clusters to return.

For examples of using this command in typical scenarios, see:

Rename the Fields by Editing the Query in Using Oracle Log Analytics
Use Dictionary Lookup in Link in Using Oracle Log Analytics
Generate Link Alerts in Using Oracle Log Analytics
Visualize Time Series Data Using the Link Trend Feature in Using Oracle Log Analytics
Analyze the Access Logs of Oracle WebLogic Server in Using Oracle Log Analytics
Link by Using SQL Statement as the Field of Analysis in Using Oracle Log Analytics
Analyze the Time Taken Between Steps in a Transaction in Using Oracle Log Analytics

The following command returns an analysis of severity versus count for every transaction:

* | link 'Transaction ID' | classify Severity, Count as 'Severity Analysis'