Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

Smart Assistants overview

Introduced in version 4.3.0 of the Splunk Machine Learning Toolkit (MLTK), Smart Assistants enable advanced query building and machine learning outcomes for users with little to no Search Processing Language (SPL) knowledge. Built on the backbone of the Experiment Management Framework (EMF), Smart Assistants offer a guided workflow through which you can create new Experiments. Smart Assistants let you quickly move from fitting a model on historic data to applying a model on real-time data and taking action.

There are currently two Smart Assistants available with more to be released over the coming months:

  • Smart Forecasting Assistant
  • Smart Outlier Detection Assistant

Smart Assistant workflow

Select one of the available Smart Assistants to create a new Experiment and then move through the stages of Define, Learn, Review, and Operationalize. Steps in each stage let you load data, build your model, and put that model into production.

Each stage offers data preview and visualization panels. As with Experiment Assistants, you have access to modeling history, a method to view the underlying SPL, and the option to add notes as you work.

This image shows the Smart Forecasting Assistant mid-process. The Define, Learn, and Review stages are all available. The Operationalize stage is greyed out as the Review stage is not yet completed. The image shows a visualization view into the data loaded into the Smart Assistant.

Saved Experiments

Once you save an Experiment built with a Smart Assistant, a new knowledge object is created in the Splunk platform. This knowledge object keeps track of all the settings for the Experiment pipeline, as well as affiliated alerts and scheduled trainings.

Save your work prior to scheduling a training job for the Experiment, managing alerts for an Experiment, or deploying an Experiment.

The saved knowledge object enables you to:

  • Organize your Experiment around solving a business problem with machine learning.
  • Keep all of your modeling history and experimentation in one place.

Experiments are knowledge objects that are bound to the user who creates them. Experiment-built models cannot be shared in the GUI. Use the publish or export options to share models generated in an Experiment with another app or user.

Users with admin permissions can access stored MLTK model data in the following .conf file: SPLUNK_HOME/etc/users/username/Splunk_ML_Toolkit/local/experiments.conf. To learn more about .conf files, see About configuration files in the Splunk Enterprise Admin Manual.

Operationalize models

You can operationalize your persisted models to other SPL workflows in the Splunk platform through the publish functionality, as well as create alerts for any Experiments saved within the Smart Assistant framework. When creating alerts, select from standard Trigger Conditions, or from Machine Learning Conditions that are specific to the Smart Assistant.

The following table lists the Machine Learning trigger conditions as available by Smart Assistant:

| Smart Assistant | Machine Learning Trigger Conditions |
|---|---|
| Smart Forecasting Assistant | Triggers based on a value of the predicted field during a scheduled search. |
| Smart Outlier Detection Assistant | Triggers based on a number of outliers during a scheduled search. |

Available Smart Assistants

The following Smart Assistants are available in MLTK:

Smart Forecasting Assistant

The Smart Forecasting Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.

The Smart Forecasting Assistant uses the StateSpaceForecast algorithm to forecast future numeric time-series data. Version 4.4.0 and above of the Smart Forecasting Assistant offers both univariate and multivariate forecasting options.

You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Forecasting include:

  • Forecast the Number of Calls to a Call Center
  • Forecast App Logons with Special Days
  • Forecast App Expenses
  • Forecast App Expenses from Multiple Variables

Click the name of any Smart Forecasting Showcase to see this new Assistant and its updated interface using pre-loaded test data and pre-selected forecast parameters.

Smart Outlier Detection Assistant

The Smart Outlier Detection Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.

The Smart Outlier Detection Assistant uses the DensityFunction algorithm to leverage a density algorithm and segment data in advance of your anomaly search.
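As an added illustration (not Splunk's implementation and not code from this documentation), the following Python sketch shows the idea behind per-segment density-based outlier detection and an alert that triggers on the number of outliers found in a run. It assumes a normal distribution per segment and a two-sided `threshold` on the tail area; the field names, sample rows, and function names are constructed for the example.

```python
from collections import defaultdict
from statistics import NormalDist, mean, stdev

# Constructed sample data: failed logins per interval, segmented by host.
TRAIN = ([{"host": "web01", "failed_logins": v} for v in (4, 5, 6, 5, 4, 6, 5, 5)]
         + [{"host": "db01", "failed_logins": v} for v in (40, 42, 38, 41, 39, 40, 43, 37)])
NEW = [{"host": "web01", "failed_logins": 5}, {"host": "web01", "failed_logins": 30},
       {"host": "db01", "failed_logins": 41}, {"host": "db01", "failed_logins": 5},
       {"host": "web01", "failed_logins": 6}]

def fit_density(rows, field, by):
    """Fit one normal density per segment (each distinct value of `by`)."""
    groups = defaultdict(list)
    for row in rows:
        groups[row[by]].append(float(row[field]))
    model = {}
    for segment, values in groups.items():
        # A segment needs at least two points and non-zero spread to be fitted.
        if len(values) >= 2 and stdev(values) > 0:
            model[segment] = NormalDist(mean(values), stdev(values))
    return model

def boundaries(dist, threshold):
    """Range that excludes the lowest-density `threshold` share of the area."""
    return dist.inv_cdf(threshold / 2), dist.inv_cdf(1 - threshold / 2)

def count_outliers(model, rows, field, by, threshold=0.01):
    """Count rows whose value falls outside its own segment's boundaries."""
    count = 0
    for row in rows:
        dist = model.get(row[by])
        if dist is None:
            continue  # unseen segment: no baseline to compare against
        low, high = boundaries(dist, threshold)
        if not low <= float(row[field]) <= high:
            count += 1
    return count

def alert_fires(outlier_count, min_outliers):
    """Trigger condition: more than `min_outliers` outliers in one run."""
    return outlier_count > min_outliers

if __name__ == "__main__":
    model = fit_density(TRAIN, "failed_logins", "host")
    found = count_outliers(model, NEW, "failed_logins", "host")
    print(found, alert_fires(found, min_outliers=1))
```

Segmenting first matters: a value of 41 is ordinary for `db01` in this sample but would be flagged on `web01`, which a single global baseline would miss.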

You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Outlier Detection include:

  • Find Anomalies in Hard Drive Metrics
  • Find Anomalies in Supermarket Purchases

Click the name of any Smart Outlier Detection Showcase to see this new Assistant and its updated interface using pre-loaded test data and pre-selected outlier detection parameters.

Last modified on 15 November, 2021

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 4.5.0, 5.0.0

