Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- DGA App for Splunk: 4. Operationalize Machine Lear...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I install and configured the DGA App. All components installed and configured correctly, but on test the 4. Operationalize Machine Learning>SupportVectorMachine gives the error: Error in 'apply' command: Failed to load model "dga_SVM": Model does not exist.
I checked /opt/splunk/etc/apps/dga_analysis/lookups/__mlspl_dga_svm.csv exists and it does, with permissions Global (Write: Admin Read: Everyone)
Splunkd.log has this error:
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - Error in 'apply' command: Failed to load model "dga_SVM":
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DGA version 2.4 Thanks for the update... of all the things I thought of case sensitivity was not one of them.
Thanks Philipp!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.
Thanks in advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Worked 😉
Thanks!
Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform
Calling All Security Pros: Ready to Race Through Boston?
Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...
