Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

Custom visualizations

The Splunk Machine Learning Toolkit includes several reusable custom visualizations that you can use in your own dashboards. Each visualization expects data in a certain format with certain fields, indicated by the search fragment in the descriptions below.

To apply a custom visualization to your data:

1. Run a search from the Search page in the Splunk Machine Learning Toolkit or the default Search & Reporting app on the Splunk platform.

2. Click the Visualization tab, then click the menu at the top left to display available visualizations.


This image shows the Search page of the Machine Learning Toolkit. Four tabs are available on this page: Events, Patterns, Statistics, and Visualization. The Visualization tab is selected and the Format button has been clicked. The format options list several visualizations to choose from. In this example, the Scatter Line Chart is selected.

3. Select a visualization.

You can use these custom visualizations on any Splunk platform instance on which the Splunk Machine Learning Toolkit is installed.

Downsampled Line Chart (LinesViz)


Shows values and trends over time, using downsampling to show large numbers of points. For examples, see the Actual vs. Predicted Overlay and Residuals charts in the Predict Numeric Fields assistant.

search_fragment = | table <xAxis> <yAxis1> <yAxis2> ...

Example: ... | table _time, "median_house_value", "predicted(median_house_value)" ...

Forecast Chart (ForecastViz)


Shows the forecast value for time series data. For an example, see the Forecast chart in the Forecast Time Series assistant.

search_fragment = | timechart count [by comparison_category] | `modvizpredict(<field>, <algorithm>, <futuretimespan>, <holdback>, <confidenceInterval>)`

Example: ... | `modvizpredict("bits_transferred", "LLP5", "224", "112", "95")` ...

Histogram Chart (HistogramViz)


Shows continuous data bucketed by the bucket/bin command. For an example, see the Residuals Histogram chart in the Predict Numeric Fields assistant.

search_fragment = | bin <field> bins=<number>

Example: ... | bin residual bins=100 ...

Outliers Chart (OutliersViz)


Shows the acceptable range for a value and highlights the points that are outside this range.

For an example, see the Outliers chart in the Detect Numeric Outliers assistant.

search_fragment = | table _time, outlier_variable, lowerBound, upperBound

Example: ... | table _time, quantity, lowerBound, upperBound, isOutlier ...
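
The following search is an added example, not part of the Splunk documentation, showing one way to produce the fields this chart expects. The `<index>` and `<sourcetype>` placeholders, the hourly count named `quantity`, and the bounds of the mean plus or minus two standard deviations are assumptions; the Detect Numeric Outliers assistant may compute its thresholds differently.

```spl
index=<index> sourcetype=<sourcetype> `comment("placeholders: substitute your own data source")`
| timechart span=1h count AS quantity
| eventstats avg(quantity) AS mean, stdev(quantity) AS sd
| eval lowerBound = mean - 2 * sd, upperBound = mean + 2 * sd `comment("assumed threshold: mean +/- 2 standard deviations")`
| eval isOutlier = if(quantity < lowerBound OR quantity > upperBound, 1, 0)
| table _time, quantity, lowerBound, upperBound, isOutlier
```

Because `eventstats` computes the mean and standard deviation over the whole search window, a long run of abnormal values widens the bounds and can hide later outliers; a shorter time range limits that effect.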


Scatter Line Chart (ScatterLineViz)


Shows relationships between discrete values in two dimensions, as well as an additional identity (x=y) line. For an example, see the Actual vs. Predicted Scatter Plot chart in the Predict Numeric Fields assistant.

search_fragment = | table <xAxis> <yAxis>

Example: ... | table "median_house_value" "predicted(median_house_value)" ...

Scatterplot Matrix


Shows relationships between discrete values in multiple dimensions. For an example, see the chart in the Cluster Numeric Events assistant.

search_fragment = | table <name_category>, <dimension_1>, <dimension_2>, <dimension_3> ...

Example: ... | table cluster, "avg_rooms_per_dwelling", "business_acres", "median_house_value" ...

Last modified on 30 August, 2018

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 3.2.0, 3.3.0

