All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DGA App for Splunk: 4. Operationalize Machine Learning dashboard load error

criticalstartms
Explorer
‎03-13-2018 12:28 PM

I install and configured the DGA App. All components installed and configured correctly, but on test the 4. Operationalize Machine Learning>SupportVectorMachine gives the error: Error in 'apply' command: Failed to load model "dga_SVM": Model does not exist.
I checked /opt/splunk/etc/apps/dga_analysis/lookups/__mlspl_dga_svm.csv exists and it does, with permissions Global (Write: Admin Read: Everyone)
Splunkd.log has this error:
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - Error in 'apply' command: Failed to load model "dga_SVM":
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

View solution in original post

Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:19 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

Reply
Solved! Jump to solution

criticalstartms
Explorer
‎03-13-2018 12:57 PM

DGA version 2.4 Thanks for the update... of all the things I thought of case sensitivity was not one of them.

Thanks Philipp!

0 Karma
Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:21 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution

bateden
Engager
‎07-15-2018 05:36 AM

Worked 😉
Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...