Install or upgrade the Splunk App for Anomaly Detection

The Splunk App for Anomaly Detection uses machine learning in a simplified workflow to help you find anomalies in time-series data. Use the following directions to install the Splunk App for Anomaly Detection.

The app works on both Splunk Enterprise and Splunk Cloud Platform. After installation, the application is immediately available to use on data loaded in your Splunk instance. No additional configuration steps are needed.

The app works with any dataset that you can ingest into the Splunk platform environment. Similar to other Splunk applications, the CPU and memory resources the app consumes is commensurate with the size of the datasets you use.

Version dependencies

The Splunk App for Anomaly Detection relies on the Splunk Machine Learning Toolkit (MLTK) app and the Python for Scientific Computing (PSC) add-on. To learn more about MLTK, see the Splunk Machine Learning Toolkit manual.

The Splunk App for Anomaly Detection relies on the PSC add-on, but an ARM-compatible PSC version is not available. Thus, the app does not work on Mac M1 or M2 laptops.

See the following table to ensure you are running compatible versions of the apps:

For specific version information that includes the Splunk App for Anomaly Detection, MLTK, the PSC add-on, and Splunk Enterprise, see Splunk App for Anomaly Detection version matrix.

Install the app from Manage Apps

Perform the following steps to install the Splunk App for Anomaly Detection:

1. Download the Splunk App for Anomaly Detection from Splunkbase.
2. In Splunk Web, select the Manage Apps icon next to Apps in the left navigation bar.
3. On the Apps page, select Install app from file.
4. Select Choose File to navigate to and select the package file for the Splunk App for Anomaly Detection. Then click Open.
5. Select Upload.
6. Restart your Splunk instance after installing the Splunk App for Anomaly Detection.
7. Following the restart, you can see the app listed and available for use.

Install the app from Find More Apps

Perform the following steps to install the Splunk App for Anomaly Detection:

1. Select +Find More Apps from the left navigation bar.
2. Use a keyword such as "Anomaly" to see the Splunk App for Anomaly Detection.
3. Choose Install.
4. Input your username and password, review the terms and conditions, then Agree and Install.
5. Restart your Splunk instance.
6. Following the restart, you can see the app listed and available for use.

Install the app on a search head cluster

The Splunk App for Anomaly Detection is supported on search head clusters. Before deploying the app to a search head cluster, make the following changes to the app package:

1. Remove the eventgen.conf files and all files in the samples folder.
2. Remove the inputs.conf and inputs.conf.spec files, if the add-on contains them. Exception: If you are collecting data locally from the machines running your search head nodes, keep these files.
3. Remove the database.conf file, if the add-on contains one.

To deploy an add-on to the search head cluster members, use the deployer. See Use the deployer to distribute apps and configuration updates in the Distributed Search manual.

Upgrade the app

In Splunk Web, an Update option shows on the app icon in the left-hand Apps menu when a new version of an app is available on Splunkbase. Click that Update option to initiate the app update process.

Alternatively, you can perform the following steps:

1. Download the latest version of the app from Splunkbase.
2. In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
3. On the Apps page, click Install app from file.
4. Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
5. Check the Upgrade app box.
6. Click Upload.