Install or upgrade the Splunk App for Anomaly Detection

The Splunk App for Anomaly Detection uses machine learning in a simplified workflow to help you find anomalies in time-series data. Use the following directions to install the Splunk App for Anomaly Detection.

The app works on both Splunk Enterprise and Splunk Cloud Platform. After installation, the application is immediately available to use on data loaded in your Splunk instance. No additional configuration steps are needed.

The app works with any dataset that you can ingest into the Splunk platform environment. Similar to other Splunk applications, the CPU and memory resources the app consumes are commensurate with the size of the datasets you use.

Version dependencies

The Splunk App for Anomaly Detection relies on the Splunk Machine Learning Toolkit (MLTK) app and the Python for Scientific Computing (PSC) add-on. To learn more about MLTK, see the Splunk Machine Learning Toolkit manual.

The Splunk App for Anomaly Detection relies on the PSC add-on, but an ARM-compatible PSC version is not available. Thus, the app does not work on Mac M1 or M2 laptops.

See the following table to ensure you are running compatible versions of the apps:

| Splunk App for Anomaly Detection version | MLTK version | PSC version |
| --- | --- | --- |
| 1.1.2 | 5.3.0 or higher | 3.0.0 or higher |
| 1.1.1 | 5.3.0 or higher | 3.0.0 or higher |
| 1.1.0 | 5.3.0 or higher | 3.0.0 or higher |
| 1.0.0 | 5.4.0 | 3.1.0 or 4.1.0 |

For specific version information that includes the Splunk App for Anomaly Detection, MLTK, the PSC add-on, and Splunk Enterprise, see Splunk App for Anomaly Detection version matrix.

Install the app from Manage Apps

Perform the following steps to install the Splunk App for Anomaly Detection:

  1. Download the Splunk App for Anomaly Detection from Splunkbase.
  2. In Splunk Web, select the Manage Apps icon next to Apps in the left navigation bar.
  3. On the Apps page, select Install app from file.
  4. Select Choose File to navigate to and select the package file for the Splunk App for Anomaly Detection. Then click Open.
  5. Select Upload.
  6. Restart your Splunk instance after installing the Splunk App for Anomaly Detection.
  7. Following the restart, you can see the app listed and available for use.

Install the app from Find More Apps

Perform the following steps to install the Splunk App for Anomaly Detection:

  1. Select +Find More Apps from the left navigation bar.
  2. Use a keyword such as "Anomaly" to see the Splunk App for Anomaly Detection.
  3. Choose Install.
  4. Input your username and password, review the terms and conditions, then Agree and Install.
  5. Restart your Splunk instance.
  6. Following the restart, you can see the app listed and available for use.

Install the app on a search head cluster

The Splunk App for Anomaly Detection is supported on search head clusters. Before deploying the app to a search head cluster, make the following changes to the app package:

  1. Remove the eventgen.conf files and all files in the samples folder.
  2. Remove the inputs.conf and inputs.conf.spec files, if the add-on contains them. Exception: If you are collecting data locally from the machines running your search head nodes, keep these files.
  3. Remove the database.conf file, if the add-on contains one.

To deploy an add-on to the search head cluster members, use the deployer. See Use the deployer to distribute apps and configuration updates in the Distributed Search manual.
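
The three package changes listed above can be scripted so that the same files are removed on every release before the app goes to the deployer. This is an added example, not Splunk tooling: it assumes the package has already been extracted to a directory, and `prune_app_for_shc`, `make_sample_app`, and the `keep-inputs` argument are names made up for the illustration.

```shell
#!/bin/sh
# Added example, not Splunk tooling. Function names and the keep-inputs
# argument are assumptions made for this illustration.
#
# Usage: prune_app_for_shc APP_DIR [keep-inputs]
#   keep-inputs  retain inputs.conf and inputs.conf.spec (the exception for
#                search heads that collect data locally)
prune_app_for_shc() {
    app_dir=$1
    mode=${2:-}
    if [ ! -d "$app_dir" ]; then
        echo "prune_app_for_shc: not a directory: $app_dir" >&2
        return 1
    fi
    # Step 1 (first half): every eventgen.conf in the app.
    set -- -name eventgen.conf
    # Step 2: inputs.conf and inputs.conf.spec, unless the exception applies.
    if [ "$mode" != "keep-inputs" ]; then
        set -- "$@" -o -name inputs.conf -o -name inputs.conf.spec
    fi
    # Step 3: database.conf.
    set -- "$@" -o -name database.conf
    # Print each path before removing it so the change can be reviewed.
    find "$app_dir" -type f \( "$@" \) -print -exec rm -f {} +
    # Step 1 (second half): empty the samples folder, keeping the folder.
    if [ -d "$app_dir/samples" ]; then
        find "$app_dir/samples" -mindepth 1 -print -delete
    fi
}

# Constructed sample tree for trying the function out.
make_sample_app() {
    app=$(mktemp -d)/sample_app
    mkdir -p "$app/default" "$app/local" "$app/README" "$app/samples"
    for f in default/app.conf default/eventgen.conf default/inputs.conf \
             local/database.conf README/inputs.conf.spec samples/sample.csv; do
        : > "$app/$f"
    done
    echo "$app"
}

# Run against a real directory only when arguments are supplied.
if [ "$#" -gt 0 ]; then
    prune_app_for_shc "$@"
fi
```

Review the printed list of removed paths before handing the pruned app to the deployer.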

Upgrade the app

In Splunk Web, an Update option shows on the app icon in the left-hand Apps menu when a new version of an app is available on Splunkbase. Click that Update option to initiate the app update process.

Alternatively, you can perform the following steps:

  1. Download the latest version of the app from Splunkbase.
  2. In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
  3. On the Apps page, click Install app from file.
  4. Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
  5. Check the Upgrade app box.
  6. Click Upload.
Last modified on 14 November, 2023

This documentation applies to the following versions of Splunk® App for Anomaly Detection: 1.1.2

