Splunk® Enterprise Security Content Update

How to Use Splunk Security Content

Configure Splunk Enterprise Security to use the Machine Learning Toolkit

You can configure Splunk Enterprise Security (ES) to use the Machine Learning Toolkit (MLTK). MLTK enables users to create, validate, manage, and operationalize machine learning models through a guided user interface. See About the Machine Learning Toolkit in the Splunk Machine Learning Toolkit User Guide.

Using a version of ES that is 6.0.0 or higher

If you are using ES 6.0.0 or higher, MLTK is included in the installer. There are no additional steps. See Release Notes for Splunk Enterprise Security.

Using a version of ES that is lower than 6.0.0

If you are using a version of ES that is lower than 6.0.0, complete the following steps to configure ES to use MLTK.

After downloading MLTK from Splunkbase, visit this page for installation instructions, then follow the steps below to import MLTK for use with ES.

1. On the Enterprise Security toolbar, browse to Configure > General > App Imports Update

2. Edit the update_es input

3. In the field for "Application Regular Expression," add the following to the end of the existing string: |(Splunk_ML_Toolkit)

4. Click "Save"

Detailed documentation on importing an app/add-on can be found at https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps#Import_add-ons_with_a_different_naming_convention

Last modified on 20 January, 2021
Install and set up the Splunk Machine Learning Toolkit   Get started with the Risk Notable Playbook Pack for Splunk SOAR

This documentation applies to the following versions of Splunk® Enterprise Security Content Update: 3.22.0, 3.23.0, 3.24.0, 3.25.0, 3.26.0, 3.27.0, 3.28.0, 3.29.0, 3.30.0, 3.31.0, 3.32.0, 3.33.0, 3.34.0, 3.35.0, 3.36.0, 3.37.0, 3.38.0, 3.39.0, 3.40.0, 3.41.0, 3.42.0, 3.43.0, 3.44.0, 3.45.0, 3.46.0, 3.47.0, 3.48.0, 3.49.0, 3.50.0, 3.51.0, 3.52.0, 3.53.0, 3.54.0, 3.55.0, 3.56.0, 3.57.0, 3.58.0, 3.59.0, 3.60.0, 3.61.0, 3.62.0, 3.63.0, 3.64.0, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.11.1, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0, 4.18.0, 4.19.0, 4.20.0, 4.21.0, 4.22.0, 4.23.0, 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, 4.29.0, 4.30.0, 4.31.0, 4.31.1, 4.32.0, 4.33.0, 4.34.0, 4.35.0, 4.36.0, 4.37.0, 4.38.0, 4.39.0, 4.40.0, 4.41.0, 4.42.0, 4.43.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters