Search commands for machine learning safeguards
The Splunk platform contains search processing language (SPL) safeguards to warn you when you might unknowingly run a search in Splunk Web that has commands that might be either a security or a performance risk. If a search command that Splunk classifies as risky triggers the safeguard, a warning dialog box appears to provide extra context for review, as well as the option to accept the risk and run the query anyway.
The fit or deletemodel commands modify the model and are considered as risky. When using the fit or deletemodel commands, you might see the following security warning message:
The scenarios under which this warning appears are as follows:
- When the
fitordeletemodelcommand is run for the first time after logging into the system with a URL. - When you refresh the page or log back in with the URL.
- When you use the Open in Search option within MLTK.
- When viewing certain Showcase examples.
The fit or deletemodel commands are not core Splunk search commands, and are only provided when MLTK is installed. You can follow the same steps for core search commands if you want to prevent the safeguard warning messages. See, Deactivate SPL safeguards in the Splunk Enterprise manual.
| Using the fit and apply commands | Search macros in the Splunk Machine Learning Toolkit |
This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.4.0, 5.4.1, 5.4.2, 5.5.0
Download manual
Feedback submitted, thanks!