All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Apply command on a large field

KrithikaRamakri
Explorer
‎08-11-2018 12:38 AM

Hi everyone, I am trying to apply logistic regression to predict phishing based on a baseline of phishing emails data. But, the issue I am facing is that, the apply command execution inside Splunk is not consistent, it was working fine, but now, the job is stuck at Finalizing.
When I inspected the job, it has these 2 errors.

  1. With the python csv module - Error: field larger than field limit splunk
  2. With the apply command - Error in 'apply' command: Failed to load model

I have tried clearing the cache, recreating the fit and apply model, nothing works. Not sure how to resolve this issue. Can someone please help me on this?

Reply

grana_splunk
Splunk Employee
Splunk Employee
‎11-01-2018 11:50 AM

Can you check the mlspl.log? Its under $SPLUNK_HOME/var/log/splunk and share the error message here.

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎08-14-2018 06:41 AM

This is most likely a hardware limitation. Have you attempted to predict then do a partial fit on new data coming in? How big is your data set? How far back are you looking? Have you attempted to normalize your data through pre-processing? Whats your hardware look like?

https://docs.splunk.com/Documentation/MLApp/3.3.0/API/Methodcallingconvention

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-12-2018 05:43 AM

I think this can be resolved by increasing the default kv limit value as described here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/Extractfieldsfromfileswithstructureddata#Stru...

Can you try increasing kv in limits.conf, restarting splunk and then trying again?

Thanks,
Jkat

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎08-12-2018 05:43 AM

I think this can be resolved by increasing the default kv limit value as described here:

http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/Extractfieldsfromfileswithstructureddata#Stru...

Can you try increasing kv in limits.conf, restarting splunk and then trying again?

Thanks,
Jkat

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...