Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

Classic Assistants overview

There are six Classic Assistants that live within the Machine Learning Toolkit. This is the legacy version of the guided modeling Assistant layout for the MLTK. These Assistants enable machine learning through a guided user interface.

Through the Assistants workflow, users specify data sources, select an algorithm and algorithm parameters , select the fields for the algorithms to analyze and set training/test data splits. Once the user instructs the Assistant to fit the algorithms to the selected training data and generate results, the workflow continues through the available visualizations and statistical analysis. Every step of the workflow has tooltips as additional guides, the option to see the SPL being written by the Assistant (with an explanation for the commands), and an option to open a clone of the SPL in a new search window for customization by the user.

Choose the Classic Assistant to suit your needs:

  • The Predict Numeric Fields Classic Assistant uses regression algorithms to predict or estimate numeric values. Such models are useful for determining to what extent certain peripheral factors contribute to a particular metric result. After the regression model is computed, you can use these peripheral values to make a prediction on the metric result.
  • The Predict Categorical Fields Classic Assistant displays a type of learning known as classification. A classification algorithm learns the tendency for data to belong to one category or another based on related data.
  • The Detect Numeric Outliers Classic Assistant determines values that appear to be extraordinarily higher or lower than the rest of the data. Identified outliers are indicative of interesting, unusual, and possibly dangerous events. This assistant is restricted to one numeric data field.
  • The Detect Categorical Outliers Classic Assistant identifies data that indicate interesting or unusual events. This assistant allows non-numeric and multi-dimensional data, such as string identifiers and IP addresses. To detect categorical outliers, input data and select the fields for which to look for unusual combinations or a coincidence of rare values. When multiple fields have rare values, the result is an outlier.
  • The Forecast Time Series Classic Assistant forecasts the next values in a sequence for a single time series. The result includes both the forecasted value and a measure of the uncertainty of that forecast. Forecasting refers to the use of past time series data trends to make a prediction about likely future values.
  • The Cluster Numeric Events Classic Assistant partitions events with multiple numeric fields into groups of events based on the values of those fields. The groupings aren't known in advance an the algorithms are often referred to as unsupervised learning.

Assistant commands

Commands vary depending upon which Assistant is selected:

  • Predict Numeric and Predict Categorical Fields use the fit model command
  • Detect Numeric Outliers and Detect Categorical Outliers use detect outliers command
  • Forecast Time Series uses forecast command
  • Cluster Numeric Events uses cluster command

Further information

For more information about alerts, see Getting started with alerts in the Splunk Enterprise Alerting Manual.
For more information about reports, see Saving and sharing reports in the Splunk Enterprise Search Tutorial Manual.

Last modified on 24 August, 2018
Custom visualizations   Predict Numeric Fields Classic Assistant

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 3.4.0, 4.0.0, 4.1.0, 4.2.0, 4.3.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters