Splunk® Machine Learning Toolkit

User Guide

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About the Splunk Machine Learning Toolkit

Machine learning is a process for generalizing from examples. These generalizations, typically called models, are used to perform a variety of tasks, such as predicting the value of a field, forecasting future values, identifying patterns in data, and detecting anomalies from new data. The Splunk Machine Learning Toolkit (MLTK) lets you create, validate, manage, and operationalize machine learning models through a guided user interface.

The Splunk Machine Learning Toolkit is not a default solution, but a way to create custom machine learning. You must have domain knowledge, Splunk Search Processing Language (SPL) knowledge, Splunk platform experience, and data science skills or experience to use MLTK.

Splunk Machine Learning Toolkit features

The following features are available in the Splunk Machine Learning Toolkit:

  • A Showcase of different sample datasets to help new users explore machine-learning concepts. Each end-to-end example pre-populates a guided modeling Assistant to demonstrate how to perform different types of machine learning analysis and prediction using best practices, including what the ideal results look like when you're using your own data. Filter the available Showcases by machine learning operation or industry to see the examples that best match your machine learning goals. For a detailed look at the Showcases, see Showcase examples.
  • Guided modeling Assistants to manage your data source, selected algorithm, and any additional parameters used to configure that algorithm. Assistants bring all aspects of a monitored machine learning pipeline into one interface and include automated model versioning and lineage. Each Assistant offers a choice of algorithms to fit and apply a model, with visualizations to help you interpret the results. Assistants are used with your own data and generate Splunk Search Processing Language (SPL) for you. For further information about Assistant options, see the Experiment Assistant overview and Smart Assistant overview.
  • Over 30 common algorithms and access to more than 300 popular open-source algorithms through the Python for Scientific Computing library. For a breakdown of the available algorithms, see Algorithms in the Machine Learning Toolkit.
  • SPL search command extensions to perform machine learning analytics on data, such as fitting and applying a model, as well as commands to list, summarize, and delete learned models. For more information about SPL search command extensions, see Search commands for machine learning.
  • Reusable information graphics for viewing and analyzing data in a particular format. For more information on information graphics, see Custom visualizations in the Machine Learning Toolkit.

For more information on other toolkit components, see What is included in MLTK.

Getting started with the Splunk platform

If you are a new user to the Splunk platform, familiarize yourself with the product by working through the Search Tutorial. The Search Tutorial helps you learn what the Splunk platform does and provides step-by-step walk-throughs on how to set up an instance of the platform, ingest data, perform searches, save and share reports, and create dashboards.

For more information, see the Search Tutorial in the Splunk Enterprise manual.

Getting started with the Splunk Machine Learning Toolkit

If you are new to MLTK, explore interactive machine learning examples that step you through the entire process for IT, security, business, and IoT use cases by reviewing the Showcase examples. Each Showcase uses different sample datasets to help new users explore machine learning concepts. The end-to-end examples pre-populate an Assistant to demonstrate how to perform different types of machine learning analysis and prediction using best practices, including what the ideal results look like when you use your own data.

For more information, see the Splunk Machine Learning Toolkit Showcase.

MLTK navigation bar

Select from the following tabs in the MLTK main navigation bar:

Tab name Accessible under tab
Showcases End-to-end examples that pre-populate the chosen Assistant with a sample dataset and demonstrate the results.
Experiments A knowledge object in the Splunk platform that keeps track of settings and history, as well as affiliated alerts and scheduled trainings.
Search Use your SPL knowledge to perform machine learning analytics on your chosen data.
Models Access any models that you created using the fit command. The model name, algorithm used, and sharing settings are visible.
Settings Users with administrator access can configure the fit and apply command settings and make changes for all algorithms or for an individual algorithm.

Default settings apply to each algorithm unless otherwise changed. To understand the impact of making changes to these default settings, download the ML-SPL Performance App for the Machine Learning Toolkit from Splunkbase.

Docs Read MLTK documentation.
Video Tutorials View videos about MLTK.

See also

For information on installing MLTK, see Install the Splunk Machine Learning Toolkit.

For information on additional MLTK resources, see Learn more about the Splunk Machine Learning Toolkit.

For MLTK support options, see Support for the Splunk Machine Learning Toolkit.

Last modified on 25 January, 2024
  NEXT
Welcome to the Splunk Machine Learning Toolkit

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.3.3, 5.4.0, 5.4.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters