All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DGA App for Splunk: 4. Operationalize Machine Learning dashboard load error

criticalstartms
Explorer
‎03-13-2018 12:28 PM

I install and configured the DGA App. All components installed and configured correctly, but on test the 4. Operationalize Machine Learning>SupportVectorMachine gives the error: Error in 'apply' command: Failed to load model "dga_SVM": Model does not exist.
I checked /opt/splunk/etc/apps/dga_analysis/lookups/__mlspl_dga_svm.csv exists and it does, with permissions Global (Write: Admin Read: Everyone)
Splunkd.log has this error:
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - Error in 'apply' command: Failed to load model "dga_SVM":
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

View solution in original post

Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:19 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

Reply
Solved! Jump to solution

criticalstartms
Explorer
‎03-13-2018 12:57 PM

DGA version 2.4 Thanks for the update... of all the things I thought of case sensitivity was not one of them.

Thanks Philipp!

0 Karma
Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:21 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution

bateden
Engager
‎07-15-2018 05:36 AM

Worked 😉
Thanks!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...

Customer success is front and center at .conf25

Hi Splunkers, If you are not able to be at .conf25 in person, you can still learn about all the latest news ...

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...