All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you feed data from an existing Splunk data model into the Splunk Machine Learning Toolkit?

collinlorb
Engager
‎11-01-2018 10:49 AM

With the ML tool kit, I see that you can | inputlookup data from a .CSV file. But what if you want to pull from tables that have data changing continuously?

We have data models in Splunk with the data I am looking for, but I can't find the correct method, or syntax, for bringing it into the ML tool kit.

Any insight would be greatly appreciated.

Thanks,

0 Karma
Reply

aoliner_splunk
Splunk Employee
Splunk Employee
‎11-01-2018 11:03 AM

Any data that can be retrieved by a Splunk search can be used with the ML Toolkit, including data from indexes or third-party data sources like Hadoop (with Splunk Hadoop Connect). You simply append that search with the applicable | fit ... or | apply ...

0 Karma
Reply

collinlorb
Engager
‎11-01-2018 12:38 PM

In the MLTK, how do I search for data that is located in a data model, inside of Splunk Datasets?

0 Karma
Reply

aoliner_splunk
Splunk Employee
Splunk Employee
‎11-01-2018 01:26 PM

The same way you search for data in a Data Model anywhere else in Splunk. For example:
| datamodel network_traffic search | search tag=destination

0 Karma
Reply

grana_splunk
Splunk Employee
Splunk Employee
‎11-01-2018 11:01 AM

Hey Collin,

If I understand your question correctly, you are running search through inputlookup command on searchbar.

| inputlookup in showcase is just for example purpose for new users. Replace it with actual search using index or data model. Once you are done with creating models, schedule a training for regularly updating model on new incoming data.

Reply

collinlorb
Engager
‎11-01-2018 12:39 PM

I was using | inputlookup to bring in .csv files for experimentation. How do I search for data that is already in the data model inside of Splunk Datasets?

0 Karma
Reply

grana_splunk
Splunk Employee
Splunk Employee
‎11-01-2018 01:22 PM

In the assistant , you can see the raw data preview if you scroll down or you can do it in search tab and bring that SPL to assistant.

0 Karma
Reply

collinlorb
Engager
‎11-02-2018 04:37 AM

Yes this what I needed to do. Essentially | From

0 Karma
Reply

grana_splunk
Splunk Employee
Splunk Employee
‎11-02-2018 10:11 AM

if it has solved your query, please mark it as accepted answer.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...