Upgrade the Machine Learning Toolkit
The Machine Learning Toolkit (MLTK) releases new features and enhancements regularly. Refer to this document to learn how to keep your iteration of the toolkit up to date, and to learn about any release-related dependencies.
To learn about the latest toolkit features and enhancements, see What's new.
Running version 4.4.1 of the MLTK requires Splunk Enterprise 7.0 or later or Splunk Cloud. The Splunk Machine Learning Toolkit requires the Python for Scientific Computing (PSC) add-on. Upgrading to version 3.4.0 or above (4.0.0, 4.1.0, 4.2.0, 4.3.0, and 4.4.0 currently) of the toolkit requires upgrading to version 1.3 of the Python for Scientific Computing add-on.
In order to save models, users need the upload_lookup_files capability included in their role.
Choose to upgrade to version 1.4 of the Python for Scientific Computing add-on to access all the features in version 4.3 and above of the toolkit.
Linux 32-bit support is not available should you upgrade to version 1.4 of the Python for Scientific Computing add-on.
You cannot access new features in the MLTK without upgrading to the latest version of the toolkit. Versions 3.4.0 and above of the toolkit require upgrading to versions 1.3 or 1.4 of the PSC add-on. See the version dependencies table for the specific requirements between toolkit and PSC add-on versions.
Specific version dependencies
|MLTK Version|PSC Version|
|4.4.1|1.3 or 1.4|
|4.4.0|1.3 or 1.4|
|4.3.0|1.3 or 1.4|
|4.2.0|1.3 or 1.4|
|4.1.0|1.3|
|4.0.0|1.3|
|3.4.0|1.3|
|3.3.0|1.2 or 1.3|
|3.2.0|1.2 or 1.3|
|3.1.0|1.2|
If you have written any custom algorithms that rely on the PSC libraries, upgrading to version 1.3 or 1.4 of the PSC library add-on will impact those algorithms. You must re-train any models (re-run the search that used the fit command) using those algorithms after you upgrade the PSC add-on.
Any algorithms that have been imported from the Python for Scientific Computing add-on into the Machine Learning Toolkit are overwritten when the MLTK app is updated to a new version. Prior to upgrading the MLTK, save your custom algorithms and re-import them manually after the upgrade.
Algorithms are stored in $SPLUNK_HOME/etc/apps/Splunk_ML_Toolkit/bin/algos on Unix-based systems and %SPLUNK_HOME%\etc\apps\Splunk_ML_Toolkit\bin\algos on Windows systems.
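One way to carry out the save step on a Unix-based system, as an added example that is not Splunk's own tooling: it snapshots the algos directory before the upgrade and afterwards lists the files that were overwritten or removed and so need to be re-imported. The function names and the /opt/splunk default for SPLUNK_HOME are assumptions.

```shell
#!/bin/sh
# Added example, not Splunk's tooling. Function names are hypothetical.
# The default path is the Unix algos location given above; /opt/splunk is
# an assumed SPLUNK_HOME.
ALGOS_DIR="${SPLUNK_HOME:-/opt/splunk}/etc/apps/Splunk_ML_Toolkit/bin/algos"

# backup_algos <algos_dir> <backup_dir>
# Copy the algos tree, preserving modes and timestamps. Refuses to reuse an
# existing backup directory so an earlier snapshot is never clobbered.
backup_algos() {
    src=$1; dst=$2
    if [ ! -d "$src" ]; then echo "not a directory: $src" >&2; return 1; fi
    if [ -e "$dst" ]; then echo "backup exists: $dst" >&2; return 1; fi
    mkdir -p "$dst" && cp -Rp "$src/." "$dst/"
}

# algos_to_reimport <algos_dir> <backup_dir>
# After the upgrade, print "missing <file>" or "changed <file>" for every
# backed-up file that the live directory no longer matches byte for byte.
algos_to_reimport() {
    live=$1; bak=$2
    ( cd "$bak" && find . -type f | sort ) | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$live/$rel" ]; then
            echo "missing $rel"
        elif ! cmp -s "$bak/$rel" "$live/$rel"; then
            echo "changed $rel"
        fi
    done
}

# Usage: script.sh backup <backup_dir>   (before upgrading)
#        script.sh check  <backup_dir>   (after upgrading)
case "${1:-}" in
    backup) backup_algos "$ALGOS_DIR" "$2" ;;
    check)  algos_to_reimport "$ALGOS_DIR" "$2" ;;
esac
```

Empty output from the check step means every backed-up file is still present and unchanged.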
Splunk Cloud deployments
For Splunk Cloud trial, self-service Splunk Cloud, or Managed Splunk Cloud, open a ticket with support and request that the Python for Scientific Computing add-on and Machine Learning Toolkit app be upgraded to the latest version for you.
Splunk Enterprise single instance deployments
Follow these directions for single instance deployments.
Upgrade the Splunk Machine Learning Toolkit app on your single instance Splunk Enterprise
If a newer version of the Python for Scientific Computing add-on is required for the newer version of the Splunk Machine Learning Toolkit, a message will display when you run the Splunk Machine Learning Toolkit after the upgrade instructing you to install a newer version of the Python for Scientific Computing add-on.
Update an app or add-on in Splunk Web
In Splunk Web, click the Update option on the app icon in the left-hand Apps bar.
The Update option appears when a new version of an app is available on Splunkbase.
Alternatively, you can do the following:
- Download the latest version of the app from Splunkbase.
- In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
- Check the Upgrade app box.
- Click Upload.
Update an existing app on your Splunk instance using the CLI
Run the command line that corresponds to your operating system.
|Operating system||Command line|
Alternatively, unpack/unzip the file then copy the app directory to $SPLUNK_HOME/etc/apps on Unix-based systems or %SPLUNK_HOME%\etc\apps on Windows systems.
Splunk Enterprise distributed deployments
In a distributed deployment of Splunk Enterprise, update the Splunk Machine Learning Toolkit, and Python for Scientific Computing add-on if necessary, on every Splunk instance where the application is installed. The Python for Scientific Computing and the Splunk Machine Learning Toolkit should be installed on all search heads where the Splunk Machine Learning Toolkit is used.
If Python for Scientific Computing is installed on your indexers in order to use the distributed apply feature of the Splunk Machine Learning Toolkit, you need to update the Python for Scientific Computing add-on on your indexers as well as your search heads if an update is required. If an update for Python for Scientific Computing is required, you will receive a message indicating this when you run the Splunk Machine Learning Toolkit after upgrading. For information about the distributed apply feature, see Use your indexers to apply models.
If you use search head clusters or indexer clusters, use the deployment methodology of your choice to make the updates.
- To learn about updating search head cluster members, see Use the deployer to distribute apps and configuration updates in the Distributed Search manual.
- To learn about updating peers in an indexer cluster, see Manage app deployment across all peers in the Managing Indexers and Clusters of Indexers manual.
This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 4.4.1