Splunk® Machine Learning Toolkit

User Guide

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. Click here for the latest version.
Acrobat logo Download topic as PDF

About the Machine Learning Toolkit

The Splunk Machine Learning Toolkit (MLTK) enables users to create, validate, manage, and operationalize machine learning models through a guided user interface. The MLTK extends the Splunk platform functions and lets you build custom analytics for any use case. The toolkit includes over 30 common algorithms and gives you access to more than 300 popular open-source algorithms through the Python for Scientific Computing library.

The MLTK has two main components:

  • A Showcase, where you can see the six modeling assistants in action with example use cases. Through the Showcase you can inspect the Search Processing Language (SPL) and underlying code on the sample datasets, to see how it all works.
  • Assistants to guide you through the process of applying an analytic from the Showcase to your own data. Follow your preferred workflow to detect incidents, reduce resolution times, optimize business events, and predict and prevent costly events in your organization.

ML-SPL Quick Reference Guide

Download the Machine Learning Toolkit Quick Reference Guide for a handy cheat sheet of ML-SPL commands and machine learning algorithms used in the Splunk Machine Learning Toolkit. This document is also available in Japanese.

ML-SPL Performance App

Download the ML-SPL Performance App for the Machine Learning Toolkit to use performance results for guidance and benchmarking purposes in your own environment.

Extend the algorithms you can use for your models

The algorithms listed here and in the ML-SPL Quick Reference Guide are available natively in the Splunk Machine Learning Toolkit. You can also base your algorithm on over 300 open source Python algorithms from scikit-learn, pandas, statsmodel, numpy and scipy libraries available through the Python for Scientific Computing add-on in Splunkbase.

For information on how to import an algorithm from the Python for Scientific Computing add-on into the Splunk Machine Learning Toolkit, see the ML-SPL API Guide.

Add algorithms through GitHub

On-prem customers looking for solutions that fall outside of the 30 native algorithms can use GitHub to add more algorithms. Solve custom uses cases through sharing and reusing algorithms in the Splunk Community for MLTK on GitHub. Here you can also learn about new machine learning algorithms from the Splunk open source community, and help fellow users of the toolkit.

Cloud customers can also use GitHub to add more algorithms via an app. The Splunk GitHub for Machine learning app provides access to custom algorithms and is based on the Machine Learning Toolkit open source repo. Cloud customers need to create a support ticket to have this app installed.

Additional resources and materials

Download the Machine Learning Toolkit Quick Reference Guide for a handy cheat sheet of ML-SPL commands and machine learning algorithms used in the Splunk Machine Learning Toolkit. This document is also available in Japanese.

The toolkit ships with several example datasets meaning you can practice machine learning concepts, or re-create the Showcase examples in your own instance before working with your own data.

Watch Splunk Machine Learning Videos

Read more about machine learning tools in Splunk Machine Learning Blogs

Join the Splunk user group Slack channel.

Sign up to learn more via Splunk Education. We recommend the Splunk course on Analytics and Data Science once you have mastered the fundamentals.

Be part of the conversation on the Splunk Community page.

If you are building a custom app using the Machine Learning Toolkit and want to install it in your cloud environment, see Cloud vetting guidelines for apps.


Ask questions and get answers through community support at Splunk Answers.

If you have a support contract, submit a case using the Splunk Support Portal.

For general Splunk platform support, see the Splunk Support Programs page.

Last modified on 21 January, 2020
Welcome to the Machine Learning Toolkit
Share data in the Machine Learning Toolkit

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 4.2.0, 4.3.0

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters