Splunk® Machine Learning Toolkit

User Guide

This documentation does not apply to the most recent version of Splunk® Machine Learning Toolkit. For documentation on the most recent version, go to the latest release.

Upgrade the Machine Learning Toolkit

The Machine Learning Toolkit (MLTK) regularly releases new features and enhancements. To learn about the latest MLTK features and enhancements, see What's new.

Requirements

Running version 5.0.0 or above of the MLTK requires Splunk Enterprise 8.0 or above or Splunk Cloud Platform.

The Splunk Machine Learning Toolkit requires the Python for Scientific Computing (PSC) add-on. Version 5.3.0 of the MLTK requires version 3.0.0 or 3.0.1 of the Python for Scientific computing add-on.

Upgrading to version 5.3.0 of the MLTK requires the retraining of any old models.

About the PSC add-on

Version 3.0.0 of the Python for Scientific Computing (PSC) add-on brings updates to several libraries in the package. In particular, Numpy, Scipy, scikit-learn, Statsmodels, and Networkx are upgraded to their latest available versions.

On November 16, 2021 version 3.0.1 of the Python for Scientific Computing (PSC) add-on was released. This version is limited to configuration updates for deployment on Splunk Cloud Platform.

MLTK versions 5.2.2 and lower are not compatible with versions 3.0.0 or 3.0.1 of PSC. If you are upgrading to version 3.0.0 or 3.0.1 of PSC, you must also upgrade your installation of MLTK to version 5.3.0 or higher.

Versions 2.0.2 and 2.0.1 of the PSC add-on are limited to minor library upgrades from version 2.0.0. There are no differences in functionality to version 2.0.0 of the PSC add-on.

If you have any custom algorithms that rely on the PSC libraries, upgrading the PSC library add-on will impact those algorithms. You must re-train any models (re-run the search that used the fit command) using those algorithms after you upgrade the PSC add-on.

On some Windows installations, installing PSC through the Splunk Manage Apps user interface results in an error. This error is usually benign and can be ignored. In some cases it is necessary to manually unpack the package in the apps directory to get past the error.

Specific version dependencies

For version information that includes MLTK, the PSC add-on, Python, and Splunk Enterprise, see Machine Learning Toolkit version dependencies matrix.

MLTK Version PSC Version
5.3.0 3.0.0 or 3.0.1
5.2.2 2.0.0, 2.0.1, or 2.0.2
5.2.1 2.0.0, 2.0.1, or 2.0.2
5.2.0 2.0.0, 2.0.1, or 2.0.2
5.1.0 2.0.0, 2.0.1, or 2.0.2
5.0.0 2.0.0, 2.0.1, or 2.0.2
4.4.2 1.3 or 1.4
4.4.1 1.3 or 1.4
4.4.0 1.3 or 1.4
4.3.0 1.3 or 1.4
4.2.0 1.3 or 1.4
4.1.0 1.3
4.0.0 1.3
3.4.0 1.3
3.3.0 1.2 or 1.3
3.2.0 1.2 or 1.3
3.1.0 1.2


Splunk Cloud Platform deployments

For Splunk Cloud Platform trial and Splunk Cloud Platform, open a ticket with support and request an upgrade to the latest version of the Python for Scientific Computing add-on and Machine Learning Toolkit app.

Splunk Enterprise single instance deployments

Follow these directions for single instance deployments.

Upgrade the Splunk Machine Learning Toolkit app on your single instance Splunk Enterprise

If a newer version of the Python for Scientific Computing add-on is required for the newer version of the Splunk Machine Learning Toolkit, a message will display when you run the Splunk Machine Learning Toolkit after the upgrade instructing you to install a newer version of the Python for Scientific Computing add-on.

Update an app or add-on in Splunk Web

In Splunk Web, click the Update option on the app icon in the left-hand Apps bar.
The Update option appears when a new version of an app is available on Splunkbase.

Alternatively, you can do the following:

  1. Download the latest version of the app from Splunkbase.
  2. In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
  3. On the Apps page, click Install app from file.
  4. Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
  5. Check the Upgrade app box.
  6. Click Upload.

Update an existing app on your Splunk instance using the CLI

Run the command line that corresponds to your operating system.

Operating system Command line
Unix/Linux ./splunk install app <app_package_filename> -update 1 -auth <username>:<password>
Windows splunk install app <app_package_filename> -update 1 -auth <username>:<password>

Alternatively, unpack/unzip the file then copy the app directory to $SPLUNK_HOME/etc/apps on Unix based systems or %SPLUNK_HOME%\etc\apps on Windows systems.

Splunk Enterprise distributed deployments

In a distributed deployment of Splunk Enterprise, update the Splunk Machine Learning Toolkit, and Python for Scientific Computing add-on if necessary, on every Splunk instance where the application is installed. The Python for Scientific Computing and the Splunk Machine Learning Toolkit should be installed on all search heads where the Splunk Machine Learning Toolkit is used.

Last modified on 17 November, 2021
Install the GitHub for Machine Learning App   Machine Learning Toolkit version dependencies

This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.3.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters