Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

Install the Splunk Machine Learning Toolkit

The Splunk Machine Learning Toolkit (MLTK) lets you create, validate, manage, and operationalize machine learning models through a guided user interface. Follow these directions to install MLTK.

Requirements

You must meet the following requirements to successfully install and the run the Splunk Machine Learning Toolkit (MLTK):

  • Splunk Enterprise 8.2.x or higher, or Splunk Cloud Platform.
  • Installation of the correct version of the Python for Scientific Computing (PSC) add-on from Splunkbase. Choose the appropriate operating system version of PSC for your environment:

On some Windows installations, installing PSC through the Splunk Manage Apps user interface results in an error. This error is usually benign and you can ignore it. In some cases, you might need to manually unpack the package in the apps directory to get past the error.

Version dependencies

For version information that includes MLTK, the PSC add-on, Python, and the Splunk platform, see the Splunk Machine Learning Toolkit version dependencies.

MLTK version PSC add-on version Splunk platform version
5.4.2 4.2.1 Splunk Enterprise 8.2.x, 9.0.x, 9.1.x, or 9.2.x,

or Splunk Cloud Platform

3.2.1 Splunk Enterprise 8.2.x, 9.0.x, 9.1.x, or 9.2.x,

or Splunk Cloud Platform

5.4.1 4.1.2 or 4.2.0 Splunk Enterprise 9.2.x

or Splunk Cloud Platform

3.1.0, 3.2.0, 4.1.0, 4.1.2, or 4.2.0 Splunk Enterprise 8.1.x, 8.2.x, 9.0.0, 9.0.1, 9.0.5, or 9.1.0

or Splunk Cloud Platform

5.4.0 4.1.2 Splunk Enterprise 9.2.x

or Splunk Cloud Platform

3.1.0, 4.1.0, or 4.1.2 Splunk Enterprise 8.2.x, 9.0.0, 9.0.1, 9.0.5, or 9.1.0

or Splunk Cloud Platform

5.3.3 3.0.2, 3.1.0, 4.0.0, 4.1.0, or 4.1.2 Splunk Enterprise 8.1.x, 8.2.x, or 9.0.0

or Splunk Cloud Platform

5.3.1 3.0.0, 3.0.1, or 3.0.2 Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0

or Splunk Cloud Platform

5.3.0 3.0.0, 3.0.1, or 3.0.2 Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0

or Splunk Cloud Platform

5.2.2 2.0.0, 2.0.1, or 2.0.2 Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0

or Splunk Cloud Platform

5.2.1 2.0.0, 2.0.1, or 2.0.2 Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0

or Splunk Cloud Platform

5.2.0 2.0.0, 2.0.1, or 2.0.2 Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0

or Splunk Cloud Platform

5.1.0 2.0.0, 2.0.1, or 2.0.2 Splunk Enterprise 8.0.x or 8.1.x

or Splunk Cloud Platform

5.0.0 2.0.0, 2.0.1, or 2.0.2 Splunk Enterprise 8.0.x or 8.1.x

or Splunk Cloud Platform

Install from Manage Apps

Follow these steps to install the Splunk Machine Learning Toolkit using Manage Apps:

  1. Download the Splunk Machine Learning Toolkit app from Splunkbase.
  2. In Splunk Web, select the Manage icon next to Apps in the left navigation bar as shown in the following image: This image shows the home page view of a Splunk platform instance. An icon labeled Manage is highlighted.
  3. On the Apps page, select Install app from file.
  4. Select Choose File to navigate to and select the package file for the Machine Learning Toolkit. Then click Open.
  5. Select Upload.
  6. Restart your Splunk instance.
  7. Following the restart, you can see the MLTK app listed and available for use.

Install from Find more apps

Perform the following steps to install the Splunk Machine Learning Toolkit using Find more apps:

  1. Select Find more apps from the left navigation bar as shown in the following image:
    This image shows the home page of a Splunk platform instance. An icon labeled Find More Apps is highlighted.
  2. In the search field you can use keywords such as "machine learning" to find the Splunk Machine Learning Toolkit.
  3. Choose Install.
  4. Input your username and password, review the terms and conditions, then Agree and Install.
  5. Restart your Splunk instance.
  6. Following the restart, you can see the MLTK app listed on your home page and available for use.

Install from the command line

On the command line (CLI), run the command that corresponds to your operating system:

Operating system Command line
Unix/Linux 
./splunk install app <path/packagename>
Windows 
splunk install app <path\packagename>

Alternatively, unpack/unzip the file then copy the app directory to $SPLUNK_HOME/etc/apps on Unix based systems or %SPLUNK_HOME%\etc\apps on Windows systems.

Where to install

See the following table for where to install MLTK and PSC:

In a distributed deployment and depending on your environment, you might need to install MLTK and PSC in multiple places.

Splunk component Supported Y/N MLTK required PSC required Description
Search Heads Yes Yes Yes Install MLTK and PSC to all search heads where the MLTK is used.
Indexers No No No Do not install on Indexers.
Heavy Forwarders No No No Do not install on Heavy Forwarders
Universal Forwarders No No No Do not install on Universal Forwarders
Light Forwarders No No No Do not install on Light Forwarders

Distributed deployment feature compatibility

See the following table for the compatibility of MLTK with Splunk distributed deployment features:

Distributed deployment feature Supported Actions required
Search Head Clusters Yes Search heads must be running Splunk Enterprise version 6.6.x or higher.
Indexer Clusters No Do not install on Indexer Clusters.

Splunk Machine Learning Toolkit files

You can view the source code for the Splunk Machine Learning Toolkit app in Unix and Windows environments:

  • For Unix-based systems, see $SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit.
  • For Windows systems, see %SPLUNK_HOME%\etc\apps\Splunk_ML_Toolkit.

The Splunk Machine Learning Toolkit is not open source and MLTK source code is provided as an example only, and for educational purposes.

See the following table for sub-directory names and descriptions:

Subdirectory Description
appserver/static and /bin Contains the underlying code files for Python, JavaScript, CSS, and images.
/default Contains configuration and dashboard files.
/lookups Contains the sample datasets used in the Showcase examples, along with more information about the datasets and their licenses.

Bundle replication

Permanent model files, sometimes referred to as learned models or encoded lookups, are saved on disk. These files follow Splunk knowledge object rules, including permissions and bundle replication. Bundle replication is the process by which knowledge objects on the search head are distributed to the indexers.

The Splunk Machine Learning Toolkit includes a number of example model files that support the Showcase. These examples are powered by .CSV lookup files. To prevent performance issues, these .CSV lookup files are not included in MLTK bundle replication processes.

Last modified on 21 August, 2024
Scoring metrics in the Splunk Machine Learning Toolkit   Install the GitHub for Machine Learning App

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.4.2

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters