interpolateScorer

Score events by interpolation.

When adding standard score rules, the rules must match exactly, or they don't apply. This operator allows you to expand the scoring capability to events that don't match exactly by interpolating between known scores. See nearestNeighborScorer for an alternative approach.

This operator performs single-variable linear interpolation (see https://en.wikipedia.org/wiki/Linear_interpolation) using the two nearest known scores. A known score is any score that you have assigned explicitly through the score rules interface. The operator uses the known scores as a guide and interpolates linearly within the range of values they cover. If a value lies outside the range of values used to define the known scores (so that extrapolation would be required), a score of 10.0 is generated instead.

For example, assume that you have two known scores: bytes = 0 has a score of 0.0, and bytes = 500 has a score of 5.0. For a row with bytes = 300, interpolateScorer assigns the score 3.0. However, for a row with bytes = 600, interpolateScorer does not assign 6.0, because 600 is outside the known range of values (0 - 500). For values outside the known range, a score of 10.0 is assigned, which indicates that the operator does not have a good answer.

Note: This operator does not apply score rules in the usual way; it uses the score rules only as the points to interpolate between. If you later provide additional known scores, the operator re-adjusts the scores based on the new information. At least two known scores are required for the operator to work properly.
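The behaviour described above, worked through as an added Python example (an illustration, not the operator's own implementation). It assumes known scores are supplied as (value, score) pairs and that the input table is a list of row dictionaries; the 10.0 out-of-range score, the bytes example and the two-score minimum follow the text.

```python
from bisect import bisect_left

# Constructed known scores, as if set through the score rules interface:
# (column value, explicit score). Matches the example: 0 -> 0.0, 500 -> 5.0.
KNOWN_SCORES = [(0, 0.0), (500, 5.0)]

# Score returned when a value lies outside the known range; no extrapolation.
OUT_OF_RANGE_SCORE = 10.0


def interpolate_score(value, known=KNOWN_SCORES):
    """Linearly interpolate between the two nearest known scores."""
    if len(known) < 2:
        raise ValueError("at least two known scores are required")
    points = sorted(known)
    xs = [x for x, _ in points]
    if value < xs[0] or value > xs[-1]:
        return OUT_OF_RANGE_SCORE
    i = bisect_left(xs, value)
    if xs[i] == value:
        return points[i][1]  # exact hit on a known score
    (x0, y0), (x1, y1) = points[i - 1], points[i]
    return y0 + (y1 - y0) * (value - x0) / (x1 - x0)


def interpolate_scorer(input_table, column, known=KNOWN_SCORES):
    """Return a score table: each input row with an added 'score' field."""
    return [dict(row, score=interpolate_score(row[column], known))
            for row in input_table]


# Constructed sample rows standing in for an input table of log events.
SAMPLE_TABLE = [
    {"user": "alice", "bytes": 300},   # inside range -> 3.0
    {"user": "bob", "bytes": 600},     # outside range -> 10.0
    {"user": "carol", "bytes": 500},   # exact known score -> 5.0
]

if __name__ == "__main__":
    for row in interpolate_scorer(SAMPLE_TABLE, "bytes"):
        print(row)
```

Adding a third known score, for example (1000, 7.0), re-adjusts the result for bytes = 600 from 10.0 to an interpolated 5.4, as the note above describes.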

Operator Usage in Easy Mode

  1. Click + on the parent node.
  2. Enter the Interpolate Scorer operator in the search field and select the Interpolate Scorer operator from the results to open the operator form.
  3. In the Input Table drop-down, enter or select the table containing the data to run this operator on.
  4. In the Column field, enter the column name to interpolate.
  5. Click Run to view the result.
  6. Click Save to add the operator to the playbook.
  7. Click Cancel to discard the operator form.

Usage Details

interpolateScorer(inputTable, column)

Input

inputTable: The table containing the data to run this operator on.
column: The column to interpolate.

Output
A score table where each row is scored by interpolating given scores.

Input
table = github_logs