Search commands for machine learning safeguards
The Splunk platform contains search processing language (SPL) safeguards to warn you when you might unknowingly run a search in Splunk Web that has commands that might be either a security or a performance risk. If a search command that Splunk classifies as risky triggers the safeguard, a warning dialog box appears to provide extra context for review, as well as the option to accept the risk and run the query anyway.
deletemodel commands modify the model and are considered as risky. When using the
deletemodel commands, you might see the following security warning message:
The scenarios under which this warning appears are as follows:
- When the
deletemodelcommand is run for the first time after logging into the system with a URL.
- When you refresh the page or log back in with the URL.
- When you use the Open in Search option within MLTK.
- When viewing certain Showcase examples.
deletemodel commands are not core Splunk search commands, and are only provided when MLTK is installed. You can follow the same steps for core search commands if you want to prevent the safeguard warning messages. See, Deactivate SPL safeguards in the Splunk Enterprise manual.
Using the fit and apply commands
Search macros in the Splunk Machine Learning Toolkit
This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.4.0, 5.4.1