All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

DGA App for Splunk: 4. Operationalize Machine Learning dashboard load error

criticalstartms
Explorer
‎03-13-2018 12:28 PM

I install and configured the DGA App. All components installed and configured correctly, but on test the 4. Operationalize Machine Learning>SupportVectorMachine gives the error: Error in 'apply' command: Failed to load model "dga_SVM": Model does not exist.
I checked /opt/splunk/etc/apps/dga_analysis/lookups/__mlspl_dga_svm.csv exists and it does, with permissions Global (Write: Admin Read: Everyone)
Splunkd.log has this error:
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM":
03-13-2018 15:24:11.830 +0000 ERROR ChunkedExternProcessor - Error in 'apply' command: Failed to load model "dga_SVM":
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: RuntimeError: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.
03-13-2018 15:24:12.032 +0000 ERROR ChunkedExternProcessor - stderr: Failed to load model "dga_SVM": AuthenticationFailed, [HTTP 401] Client is not authenticated.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

View solution in original post

Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:19 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution
Solution

pdrieger_splunk
Splunk Employee
Splunk Employee
‎03-13-2018 12:53 PM

Hi criticalstartmssp, please try replacing „dga_SVM“ by „dga_svm“ in the dashboard drop down as token value. The spelling is case sensitive, that’s why the model is not found. What version of DGA App do you use? Let me know if that works and I will put it on next release fixes. Thanks, Philipp

Reply
Solved! Jump to solution

criticalstartms
Explorer
‎03-13-2018 12:57 PM

DGA version 2.4 Thanks for the update... of all the things I thought of case sensitivity was not one of them.

Thanks Philipp!

0 Karma
Reply
Solved! Jump to solution

aparna499154
New Member
‎07-20-2018 02:21 AM

Hi,

I could see dga_domains kvstore with class and subclass as input for the app.
How the class and subclass are being predicted . Please clarify . I am struck over there.

Thanks in advance.

0 Karma
Reply
Solved! Jump to solution

bateden
Engager
‎07-15-2018 05:36 AM

Worked 😉
Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...