
Splunk Machine Learning in a Few Clicks | CyberNcrypt

Splunk customers want to use machine learning (ML) in their environments, but many are unsure how to do so or even where to begin. That wait is now over. Splunk has released some new apps that provide machine learning services.

The Splunk Machine Learning Toolkit (MLTK) is extremely powerful, offering both guided and custom approaches to ML, and has proven to be extremely popular with our customers, ranking as one of the most-downloaded Splunkbase apps. Still, many users are looking for one-click-style experiences in which they can leverage the promise of ML to simplify previously complex and time-consuming tasks without engaging in any of the rituals associated with operationalization.

To meet this growing demand, Splunk announced the release of three new Splunk Works beta apps: Anomaly Detection Assistant for Splunk (beta), Smart Alerts Assistant for Splunk (beta), and SPL Copilot for Splunk (beta). These applications are intended to make machine learning (ML) more accessible to Splunk customers. This blog will go over each of the applications briefly, giving an overview of how they might be used.

Splunk Machine Learning Toolkit (MLTK)

The Machine Learning Toolkit (MLTK) is a Splunkbase app that is available to Splunk Enterprise and Splunk Cloud Platform users. The Machine Learning Toolkit is a Splunk platform extension that includes new Search Processing Language (SPL) search commands, macros, and visualizations.

The machine learning process

Machine learning is the process of learning to generalize from examples. The machine learning process should ideally consist of a series of steps, beginning with data collection and ending with the deployment of your machine learning model.

  • Collect Data: Gather available information such as CPU percentages, memory utilization, server temperatures, disk space, and sales figures.
  • Clean/Transform: Clean and transform the data. All machine learning requires a numeric matrix as input. If you collect data with missing values, you must clean and transform the data until it is in the format required by machine learning.
  • Explore/Visualize: Investigate and visualize the data to ensure that it encodes what you expect it to encode.
  • Model: Create a model using training data.
  • Evaluate: Analyze the model using testing data.
  • Deploy: Deploy the model on previously unseen data.

In theory, the machine learning process follows those steps, but in practice, it is rarely linear.

You may evaluate your model, discover that its performance is not producing the expected results, and return to further clean and transform the data. Perhaps the data has too many missing values, is incomplete, is incorrectly weighted, or has a unit disagreement. Iterate through the machine learning process until the model produces the desired machine learning results.
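The following added example (plain Python, not MLTK or SPL, and not code from the original post) runs one pass of the process on constructed CPU readings and shows how a missing value and a unit disagreement change the evaluation result. The host names, readings, the choice of a mean and standard deviation baseline, and the 3-sigma threshold are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed sample readings: (host, cpu, is_anomaly). None is a missing value;
# web-03 reports a 0-1 fraction instead of a percentage (unit disagreement).
FRACTION_HOSTS = {"web-03"}  # assumption: known from the data source
TRAIN = [("web-01", 41.0, False), ("web-01", 44.5, False), ("web-01", None, False),
         ("web-01", 45.0, False), ("web-02", 39.0, False), ("web-02", 43.0, False),
         ("web-02", 40.5, False), ("web-03", 0.42, False), ("web-03", 0.40, False),
         ("web-03", 0.44, False)]
TEST = [("web-01", 43.0, False), ("web-02", 97.0, True),
        ("web-03", 0.41, False), ("web-03", 0.96, True)]
UNSEEN = [("web-02", 42.0, None), ("web-03", 0.99, None), ("web-01", None, None)]

def clean(rows, fix_units=True):
    """Clean/Transform: drop missing readings, put all values on a 0-100 scale."""
    out = []
    for host, cpu, label in rows:
        if cpu is None:
            continue  # a missing value cannot go into the numeric matrix
        if fix_units and host in FRACTION_HOSTS:
            cpu *= 100.0
        out.append((host, cpu, label))
    return out

def fit(rows):
    """Model: learn the baseline mean and standard deviation from training data."""
    values = [cpu for _, cpu, _ in rows]
    return mean(values), stdev(values)

def is_outlier(model, cpu, z=3.0):
    mu, sigma = model
    return abs(cpu - mu) > z * sigma

def evaluate(model, rows):
    """Evaluate: count (true positives, false positives, false negatives)."""
    tp = sum(1 for _, c, y in rows if y and is_outlier(model, c))
    fp = sum(1 for _, c, y in rows if not y and is_outlier(model, c))
    fn = sum(1 for _, c, y in rows if y and not is_outlier(model, c))
    return tp, fp, fn

def run(fix_units):
    """One pass: returns test scores and the hosts flagged on unseen data."""
    model = fit(clean(TRAIN, fix_units))
    scores = evaluate(model, clean(TEST, fix_units))
    flagged = [h for h, c, _ in clean(UNSEEN, fix_units) if is_outlier(model, c)]
    return scores, flagged

if __name__ == "__main__":
    print("units left as collected:", run(fix_units=False))
    print("units normalised:       ", run(fix_units=True))
```

With the units left as collected, the mixed scales inflate the baseline's spread and the saturated web-03 reading is missed; going back to the Clean/Transform step and normalising the units recovers it.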

The machine learning process can be time-consuming and may necessitate the use of multiple tools, team members, and context switches. However, with the Machine Learning Toolkit, the entire process, from data ingest to report creation, can take place within the Splunk platform.
