Using the Splunk Machine Learning Toolkit

The Splunk Machine Learning Toolkit lets users create analytics in 6 useful areas: Predict Numeric Fields, Predict Categorical Fields, Detect Numeric Outliers, Detect Categorical Outliers, Forecast Time Series and Cluster Numeric Events. Get started by exploring interactive examples that step you through the entire process for IT, security, business and IoT use cases. When ready choose an Experiment Assistant to guide in creating your own custom built model.  You also have complete access to the underlying SPL commands generated by the toolkit. This gives you the freedom to further customize your model and to operationalize it in any way desired. 

The Splunk Machine Learning Toolkit provides the following features:

• A Showcase of different sample datasets to help new users explore machine-learning concepts. Each end-to-end example pre-populates an Assistant to demonstrate how to perform different types of machine learning analysis and prediction using best practices, including what ideal results would look like when using your own data. For details see Showcase examples
• Experiments management framework, that manages your data source, algorithm used, and additional parameters to configure that algorithm. Add notes to your Experiment to better track your model adjustments, and look back at previous changes through the Experiments History tab. The Assistants that live within an Experiment make it easy for you to create machine learning models through a guided workflow interface. Each Assistant offers a choice of algorithms to fit and apply a model, with visualizations to help you interpret the results. Assistants are used with your own data, and generate Splunk SPL for you. For details, see Experiments.
• Search command extensions that have been added to the Splunk Search Processing Language (SPL) to perform machine learning analytics on data such as fitting and applying a model. In addition, commands to list, summarize, and delete learned models. For details, see Search commands for machine learning.
• Custom visualizations, which are reusable information graphics for viewing and analyzing data in a particular format. For details, see Custom visualizations.

The MLTK navigation bar

You will find seven tabs to select from along the MLTK navigation bar including:

• Showcases: End-to-end examples that pre-populate the chosen assistant with a sample dataset, and demonstrate the results.
• Experiments: An Experiment is an exclusive knowledge object in Splunk that keeps track of its settings and history, as well as its affiliated alerts and scheduled trainings.
• Search: Use your SPL knowledge to perform machine learning analytics on your chosen data.
• Models: Access any models created using the fit command on the Search tab, or those made through the classic assistants. Model related details such as Model Name, Algorithm Used and Sharing settings are visible.
• Classic: Click here for alerts and scheduled trainings that were created in the MLTK version 3.1 or below, as well as the legacy layout of the 6 guided model building Assistants.
• Docs: Clicking here will take you out of the tool, and over to the documentation manual on the MLTK
• Video Tutorials: Clicking here will take you out of the tool, and over to a great series of videos on the MLTK

Splunk Machine Learning Toolkit files

To view the source code for the Splunk Machine Learning Toolkit app, see $SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit on Unix-based systems or %SPLUNK_HOME%\etc\apps\Splunk_ML_Toolkit on Windows systems.

Please note: MLTK is not open source. The code is provided as an example and for educational purposed only.