Upgrade the Machine Learning Toolkit
The Machine Learning Toolkit (MLTK) regularly releases new features and enhancements. To learn about features and enhancements by released version, see What's new.
Requirements
Running version 5.3.3 or higher of the MLTK requires Splunk Enterprise 8.1.x or higher or Splunk Cloud Platform.
The Machine Learning Toolkit requires the Python for Scientific Computing (PSC) add-on. Version 5.3.3 of the MLTK requires version 3.0.2, 3.1.0, 4.0.0, 4.1.0, or 4.1.2 of the Python for Scientific computing add-on. Version 4.0.0 of the PSC add-on requires additional installation steps. Version 4.0.0 is only available when using MLTK version 5.3.3.
Upgrading to a 5.3.x version of MLTK from a 5.2.x version of MLTK requires the retraining of any old models.
About the PSC add-on
Version 4.0.0 of the Python for Scientific Computing (PSC) add-on provides updates and adds several libraries in the package. In particular, Pytorch, cpuonly, transformers, onnxruntime, pydantic, and watchdog. Version 4.0.0 of PSC is only available when using MLTK version 5.3.3.
The build size of the PSC add-on version 4.0.0 might exceed the default value of max_upload_size which can prevent you from installing the package using the Install app from file option under Manage Apps. To install PSC 4.0.0 you must create a web.conf file , update max_upload_size to a higher value, and restart Splunk from your terminal. See Install version 4.0.0 of the Python for Scientific Computing add-on.
Version 3.0.2 of the Python for Scientific Computing (PSC) add-on is limited to bug fixes only.
Version 3.0.1 of the Python for Scientific Computing (PSC) add-on is limited to configuration updates for deployment on Splunk Cloud Platform.
Version 3.0.0 of the Python for Scientific Computing (PSC) add-on brings updates to several libraries in the package. In particular, Numpy, Scipy, scikit-learn, Statsmodels, and Networkx are upgraded to their latest available versions.
If you have any custom algorithms that rely on the PSC libraries, upgrading the PSC add-on will impact those algorithms. You must re-train any models (re-run the search that used the fit command) using those algorithms after you upgrade the PSC add-on.
The Splunk Enterprise Security App relies on MLTK and the PSC add-on. If you are a Splunk Enterprise Security App user, and you are upgrading that app, restart your Splunk instance first. Doing so closes any background PSC processes that can cause the Splunk Enterprise Security App upgrade to error out.
Specific version dependencies
For version information that includes MLTK, the PSC add-on, Python, and Splunk Enterprise, see Machine Learning Toolkit version dependencies matrix.
MLTK version PSC version 5.3.3 3.0.2, 3.1.0, 4.0.0, 4.1.0, or 4.1.2 5.3.1 3.0.0, 3.0.1, or 3.0.2 5.3.0 3.0.0, 3.0.1, or 3.0.2 5.2.2 2.0.0, 2.0.1, or 2.0.2 5.2.1 2.0.0, 2.0.1, or 2.0.2 5.2.0 2.0.0, 2.0.1, or 2.0.2 5.1.0 2.0.0, 2.0.1, or 2.0.2 5.0.0 2.0.0, 2.0.1, or 2.0.2 4.4.2 1.3 or 1.4 4.4.1 1.3 or 1.4 4.4.0 1.3 or 1.4 4.3.0 1.3 or 1.4 4.2.0 1.3 or 1.4 4.1.0 1.3 4.0.0 1.3 3.4.0 1.3 3.3.0 1.2 or 1.3 3.2.0 1.2 or 1.3 3.1.0 1.2
Splunk Cloud Platform deployments
For Splunk Cloud Platform trial and Splunk Cloud Platform, open a ticket with support and request an upgrade to the latest version of the Python for Scientific Computing add-on and Machine Learning Toolkit app.
Splunk Enterprise single instance deployments
Follow these directions for single instance deployments.
Upgrade the Machine Learning Toolkit app on your single instance Splunk Enterprise
If a newer version of the Python for Scientific Computing add-on is required for the newer version of the Machine Learning Toolkit, a message will display when you run the Machine Learning Toolkit after the upgrade instructing you to install a newer version of the Python for Scientific Computing add-on.
Update an app or add-on in Splunk Web
In Splunk Web, click the Update option on the app icon in the left-hand Apps bar.
The Update option appears when a new version of an app is available on Splunkbase.
Alternatively, you can perform the following steps:
- Download the latest version of the app from Splunkbase.
- In Splunk Web, click on the gear icon next to Apps in the left navigation bar.
- On the Apps page, click Install app from file.
- Click Choose File, navigate to and select the package file for the app or add-on, then click Open.
- Check the Upgrade app box.
- Click Upload.
Update an existing app on your Splunk instance using the CLI
Run the command line that corresponds to your operating system:
| Operating system | Command line |
|---|---|
| Unix/Linux | ./splunk install app <app_package_filename> -update 1 -auth <username>:<password>
|
| Windows | splunk install app <app_package_filename> -update 1 -auth <username>:<password>
|
Alternatively, unpack/unzip the file then copy the app directory to $SPLUNK_HOME/etc/apps on Unix based systems or %SPLUNK_HOME%\etc\apps on Windows systems.
Splunk Enterprise distributed deployments
In a distributed deployment of Splunk Enterprise, update the Machine Learning Toolkit, and Python for Scientific Computing add-on if necessary, on every Splunk instance where the application is installed. The Python for Scientific Computing and the Machine Learning Toolkit should be installed on all search heads where the Machine Learning Toolkit is used.
| Install the GitHub for Machine Learning App | Machine Learning Toolkit version dependencies |
This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.3.3
Download manual
Feedback submitted, thanks!