Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

About the Machine Learning Toolkit

Machine learning is a process for generalizing from examples. These generalizations, typically called models, are used to perform a variety of tasks, such as predicting the value of a field, forecasting future values, identifying patterns in data, and detecting anomalies from new data. The Machine Learning Toolkit (MLTK) enables users to create, validate, manage, and operationalize machine learning models through a guided user interface.

The Machine Learning Toolkit is not a default solution, but a way to create custom machine learning. You must have domain knowledge, Splunk Search Processing Language (SPL) knowledge, Splunk platform experience, and data science skills or experience to use the MLTK.

Machine Learning Toolkit features

The following features are available in the Machine Learning Toolkit:

  • A Showcase of different sample datasets to help new users explore machine-learning concepts. Each end-to-end example pre-populates a guided modeling Assistant to demonstrate how to perform different types of machine learning analysis and prediction using best practices, including what the ideal results look like when you're using your own data. Filter the available Showcases by machine learning operation or industry to see the examples that best match your machine learning goals. For a detailed look at the Showcases, see Showcase examples.
  • Guided modeling Assistants to manage your data source, selected algorithm, and any additional parameters used to configure that algorithm. Assistants bring all aspects of a monitored machine learning pipeline into one interface and include automated model versioning and lineage. Each Assistant offers a choice of algorithms to fit and apply a model, with visualizations to help you interpret the results. Assistants are used with your own data and generate Splunk Search Processing Language (SPL) for you. For further information about Assistant options, see the Experiment Assistant overview and Smart Assistant overview.
  • Over 30 common algorithms and access to more than 300 popular open-source algorithms through the Python for Scientific Computing library. For a breakdown of the available algorithms, see Algorithms in the Machine Learning Toolkit.
  • SPL search command extensions to perform machine learning analytics on data, such as fitting and applying a model, as well as commands to list, summarize, and delete learned models. For more information about SPL search command extensions, see Search commands for machine learning.
  • Reusable information graphics for viewing and analyzing data in a particular format. For more information on information graphics, see Custom visualizations in the Machine Learning Toolkit.

For more information on other toolkit components, see What is included in the MLTK.

Getting started with the Splunk platform

If you are a new user to the Splunk platform, familiarize yourself with the product by working through the Search Tutorial. The Search Tutorial helps you learn what the Splunk platform does and provides step-by-step walk-throughs on how to set up an instance of the platform, ingest data, perform searches, save and share reports, and create dashboards.

For more information, see the Search Tutorial.

Getting started with the Machine Learning Toolkit

If you are new to the MLTK, explore interactive machine learning examples that step you through the entire process for IT, security, business, and IoT use cases by reviewing the Showcase examples. Each Showcase uses different sample datasets to help new users explore machine learning concepts. The end-to-end examples pre-populate an Assistant to demonstrate how to perform different types of machine learning analysis and prediction using best practices, including what the ideal results look like when you use your own data.

For more information, see the Showcase examples.

The MLTK navigation bar

You have eight tabs to select from in the MLTK navigation bar:

Tab name Accessible under tab
Showcases End-to-end examples that pre-populate the chosen Assistant with a sample dataset and demonstrate the results.
Experiments A knowledge object in the Splunk platform that keeps track of settings and history, as well as affiliated alerts and scheduled trainings.
Search Use your SPL knowledge to perform machine learning analytics on your chosen data.
Models Access any models that you created using the fit command, or access models created by the Classic Assistants. The model name, algorithm used, and sharing settings are visible.
Classic Access alerts and scheduled trainings created in the MLTK version 3.1 or earlier, as well as view the legacy layout for the original six model building Assistants.
Settings Users with administrator access can configure the fit and apply command settings and make changes for all algorithms or for an individual algorithm.
Docs Read the MLTK documentation.
Video Tutorials View videos about the MLTK.

The default settings apply to each algorithm unless it has its own value for a particular setting. To understand the impact of making changes to these default settings, download the ML-SPL Performance App for the Machine Learning Toolkit from Splunkbase.

See also

For information on installing the MLTK, see Install the Machine Learning Toolkit.

For information on additional MLTK resources, see Learn more about the Machine Learning Toolkit.

For MLTK support options, see Support for the Machine Learning Toolkit.

Last modified on 29 July, 2022
  Welcome to the Machine Learning Toolkit

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 4.5.0, 5.0.0, 5.1.0, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters