I install and configured the DGA App. All components installed and configured correctly, but on test the 4. Operationalize Machine Learning>SupportVectorMachine gives the error: Error in 'apply' command: Failed to load model "dga_SVM": Model does not exist.
I checked /opt/splunk/etc/apps/dga_analysis/lookups/__mlspl_dga_svm.csv exists and it does, with permissions Global (Write: Admin Read: Everyone)
Splunkd.log has this error:
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - Error in 'apply' command: Failed to load model "dga_SVM":
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp
Hi,
I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.
Thanks in advance.
Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp
DGA version 2.4 Thanks for the update... of all the things I thought of case sensitivity was not one of them.
Thanks Philipp!
Hi,
I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.
Thanks in advance.
Worked 😉
Thanks!