Install or upgrade the Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning integrates advanced custom machine learning and deep learning systems with the Splunk platform. Use the following directions to install or upgrade the Splunk App for Data Science and Deep Learning.
Version dependencies
The Splunk App for Data Science and Deep Learning (DSDL) relies on the Splunk Machine Learning Toolkit (MLTK) app. See the following table to ensure you are running compatible versions of the apps:
| DSDL version | MLTK app version | PSC add-on version | Python version | Splunk platform version |
|---|---|---|---|---|
| 5.2.0 | 5.5.0 | 3.2.2 or 4.2.2 | 3.9 | Splunk Enterprise 8.2.x, 9.0.x, 9.1.x, 9.2.x, 9.3.x, or 9.4.x, or Splunk Cloud Platform |
| 5.4.2 | 4.2.1 | 3 | Splunk Enterprise 8.2.x, 9.0.x, 9.1.x, 9.2.x, 9.3.x, or 9.4.x, or Splunk Cloud Platform | |
| 5.4.2 | 3.2.1 | 3 | Splunk Enterprise 8.2.x, 9.0.x, 9.1.x, 9.2.x, 9.3.x, or 9.4.x, or Splunk Cloud Platform | |
| 5.1.2 | 5.4.0 or higher | 3.1.0, 4.1.0, or 4.1.2 | 3 | Splunk Enterprise 8.1.x, 8.2.x, 9.0.x, 9.1.x, or 9.2.x or Splunk Cloud Platform |
| 5.1.1 | 5.4.0 or higher | 3.1.0, 4.1.0, or 4.1.2 | 3 | Splunk Enterprise 8.1.x, 8.2.x, 9.0.0, 9.0.1, or 9.1.0 or Splunk Cloud Platform |
| 5.1.0 | 5.4.0 | 3.1.0, 4.1.0, or 4.1.2 | 3 | Splunk Enterprise 8.1.x, 8.2.x, 9.0.0, or 9.0.1 or Splunk Cloud Platform |
| 5.0.0 | 5.4.0 | 3.1.0 or 4.1.0 | 3 | Splunk Enterprise 8.1.x, 8.2.x, 9.0.0, or 9.0.1 or Splunk Cloud Platform |
| 5.0.0 | 5.3.3 | 3.0.2, 3.1.0, 4.0.0, or 4.1.0 | 3 | Splunk Enterprise 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.3.1 | 3.0.0, 3.0.1, or 3.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.3.0 | 3.0.0, 3.0.1, or 3.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.2 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.1 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.1.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x or 8.1.x or Splunk Cloud Platform |
| 5.0.0 | 5.0.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x or 8.1.x or Splunk Cloud Platform |
Where to install the Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning works both for Splunk on-premises and Splunk Cloud Platform. You must provide additional security and configurations such as IP address and port allow listing through ACS for Splunk Cloud Platform. For distributed Splunk Enterprise deployments, install DSDL on the search head or search head cluster. You don't need to install DSDL on indexers.
The two typical scenarios for setting up DSDL are single-instance and side-by-side:
- Single-instance runs the containers on the same instance as the Splunk search head. This setup is useful for local development purposes or for small to medium sized production environments.
- Side-by-side is typically used for production environments where the search head connects to a dedicated Kubernetes cluster or dedicated Docker host.
About search head load
While DSDL offloads major computational tasks like model training and inference to external containers, the following activities still occur on the Splunk search head:
- Search preparation: When data is prepared or staged, the search head handles SPL searches and organizes data before sending it to the container.
- Data transfer: Large datasets or frequent searches can affect search head performance if numerous staging commands are running concurrently.
- Local MLTK usage: If you run models directly on the search head using MLTK commands, resource usage can spike, particularly during heavy training tasks.
Consider the following guidelines:
- Configure a dedicated search head or scale appropriately when running frequent or large-scale model training workloads.
- Use the container-based approach provided by DSDL to reduce impact on core Splunk performance. For example,
mode=stage, GPU training. - To manage resource intensive MLTK training jobs, see Configure algorithm performance costs in the MLTK User Guide
Install the Splunk App for Data Science and Deep Learning
DSDL installation includes both some prerequisites and installation steps. If you work in an air-gapped environment, see Install and configure the Splunk App for Data Science and Deep Learning in an air-gapped environment.
Prerequisites
You must complete the following prerequisites to successfully run the Splunk App for Data Science and Deep Learning:
- Splunk Enterprise 8.2.x or higher, or Splunk Cloud Platform.
- Install the Splunk Machine Learning Toolkit (MLTK) app.
- MLTK provides machine learning commands, such as
fitandapplyfor model training, and manages non-DSDL models trained directly on the search head. - Set the MLTK app permissions to Global so that knowledge objects are shared across the deployment.
- MLTK provides machine learning commands, such as
- Install the Python for Scientific Computing (PSC) add-on.
- PSC supplies Python libraries and dependencies required for scientific computing and machine learning tasks.
- A Docker or Kubernetes container environment.
- An internet connection is required to pull the prebuilt Docker container images from the public Docker hub repository.
Installation steps
Follow these steps to install the Splunk App for Data Science and Deep Learning:
- Download and install the Splunk App for Data Science and Deep Learning from Splunkbase.
- Install the Splunk App for Data Science and Deep Learning from the Manage Apps tab. In Splunk Web, select the Manage Apps icon next to Apps in the left navigation bar.
- On the Apps page, select Install app from file.
- Select Choose File to navigate to and select the package file for the Splunk App for Data Science and Deep Learning. Then click Open.
- Select Upload.
- Restart your Splunk instance after installing the Splunk App for Data Science and Deep Learning.
- Ensure your internet connected Docker, Kubernetes, or Openshift environment is accessible with permissions to pull the prebuilt MLTK container images and start containers.
- Set up the Splunk App for Data Science and Deep Learning by connecting it to your environment using the Configuration > Setup page of the app.
- Test the connection and save the configuration.
- Start a development container from the Containers tab of the app.
Data is sent from a Splunk search head to containers using HTTPS for the endpoint URL. A self-signed certificate is provided with the app which works with the prebuilt images. For further security requirements talk to your system administrators about the set up of the app and your container environment.
- Depending on your selected image (Golden Image CPU or GPU), run one of the following examples from the Examples tab to verify that the Splunk App for Data Science and Deep Learning is working:
- Neural Network Classifier Example for Tensorflow
- Logistic Regression Classifier Example for PyTorch
Upgrade the Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning (DSDL) regularly releases new features and enhancements. To learn about features and enhancements by released version, see New features for the Splunk App for Data Science and Deep Learning in the Release Notes manual.
Upgrade requirements
Running version 5.2.0 of DSDL requires Splunk Enterprise 8.2.x or higher, or Splunk Cloud Platform.
You must also be running version 5.4.2 or higher of the Splunk Machine Learning Toolkit (MLTK). MLTK relies on the Python for Scientific Computing (PSC) add-on. For details on compatible versions of DSDL, MLTK, and PSC, see Version dependencies.
Update the app in Splunk Web
In Splunk Web, an Update option shows on the app icon in the left-hand Apps menu when a new version of an app is available on Splunkbase. Click that Update option to initiate the app update process.
Alternatively, you can perform the following steps:
- Download the latest version of the app from Splunkbase.
- In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
- Check the Upgrade app box.
- Click Upload.
- (Optional) Run the Configuration > Setup of the app to make sure all container configuration is still valid and that new configuration items are reflected after the app upgrade installation.
| Splunk App for Data Science and Deep Learning components | Configure the Splunk App for Data Science and Deep Learning |
This documentation applies to the following versions of Splunk® App for Data Science and Deep Learning: 5.2.0
Download manual
Feedback submitted, thanks!