Smart Assistants overview
Smart Assistants enable advanced query building and machine learning outcomes for users with little to no Search Processing Language (SPL) knowledge. Built on the backbone of the Experiment Management Framework (EMF), Smart Assistants offer a guided workflow through which you can create new Experiments. Smart Assistants let you quickly move from fitting a model on historic data to applying a model on real-time data and taking action.
There are four Smart Assistants available:
- Smart Clustering Assistant
- Smart Forecasting Assistant
- Smart Outlier Detection Assistant
- Smart Prediction Assistant
Smart Assistant workflow
Select one of the available Smart Assistants to create a new Experiment and then move through the stages of Define, Learn, Review, and Operationalize. Steps in each stage let you load data, build your model, and put that model into production.
Each stage offers data preview and visualization panels. As with Experiment Assistants, you have access to modeling history, a method to view the underlying SPL, and the option to add notes as you work.
Saved Experiments
Once you save an Experiment built with a Smart Assistant, a new knowledge object is created in the Splunk platform. This knowledge object keeps track of all the settings for the Experiment pipeline, as well as affiliated alerts and scheduled trainings.
Save your work prior to scheduling a training job for the Experiment, managing alerts for an Experiment, or deploying an Experiment.
The saved knowledge object enables you to:
- Organize your Experiment around solving a business problem with machine learning.
- Keep all of your modeling history and experimentation in one place.
Experiments are knowledge objects that are bound to the user who creates them. Experiment-built models cannot be shared in the GUI. Use the publish or export options to share models generated in an Experiment with another app or user.
Users with admin permissions can access stored MLTK model data in the following .conf file: SPLUNK_HOME/etc/users/username/Splunk_ML_Toolkit/local/experiments.conf. To learn more about .conf files, see About configuration files in the Splunk Enterprise Admin Manual.
Operationalize models
You can operationalize your persisted models to other SPL workflows in the Splunk platform through the publish functionality, as well as create alerts for any Experiments saved within the Smart Assistant framework. When creating alerts, select from standard Trigger Conditions, or from Machine Learning Conditions that are specific to the Smart Assistant.
The following table lists the Machine Learning trigger conditions available for each Smart Assistant:
Smart Assistant | Machine Learning Trigger Conditions |
---|---|
Smart Clustering Assistant | Triggers based on a value of cluster_distance during a scheduled search. |
Smart Forecasting Assistant | Triggers based on a value of the predicted field during a scheduled search. |
Smart Outlier Detection Assistant | Triggers based on a number of outliers during a scheduled search. |
Smart Prediction Assistant | Triggers based on the numeric value of a predicted field during a scheduled search. Triggers based on the categorical value of a predicted field during a scheduled search. |
Available Smart Assistants
The following Smart Assistants are available in MLTK:
Smart Clustering Assistant
The Smart Clustering Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.
The Smart Clustering Assistant uses the K-means algorithm to partition events.
You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Clustering include:
- Cluster Events in Housing Data
- Cluster Events in Mortgage Data
Smart Forecasting Assistant
The Smart Forecasting Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.
The Smart Forecasting Assistant uses the StateSpaceForecast algorithm to forecast future numeric time-series data. Version 4.4.0 and above of the Smart Forecasting Assistant offers both univariate and multivariate forecasting options.
You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Forecasting include:
- Forecast the Number of Calls to a Call Center
- Forecast App Logons with Special Days
- Forecast App Expenses
- Forecast App Expenses from Multiple Variables
Smart Outlier Detection Assistant
The Smart Outlier Detection Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.
The Smart Outlier Detection Assistant uses the DensityFunction algorithm, a density-based algorithm, to segment data in advance of your anomaly search.
You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Outlier Detection include:
- Find Anomalies in Hard Drive Metrics
- Find Anomalies in Supermarket Purchases
Smart Prediction Assistant
The Smart Prediction Assistant offers an updated look and feel as well as the option to bring in data from different sources to build your model.
The Smart Prediction Assistant uses the AutoPrediction algorithm to determine the data type as categorical or numeric and carry out the prediction.
You can gain familiarity with this new Smart Assistant through the MLTK Showcase, accessed under its own tab. The Showcase examples for Smart Prediction include:
- Predict Disk Utilization
- Predict the Presence of Vulnerabilities
This documentation applies to the following versions of Splunk® Machine Learning Toolkit: 5.3.3, 5.4.0, 5.4.1, 5.4.2, 5.5.0