All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is it possible to use the cross-validation in the Machine Learning Toolkit and Showcase app?

nnetz
New Member
‎06-08-2016 04:00 AM

Hello,

Is it possible to use the cross-validation in the Machine Learning Toolkit and Showcase app?

0 Karma
Reply

gabrcg
New Member
‎01-10-2019 04:52 AM

Cross validation is already in the ToolKit:
https://docs.splunk.com/Documentation/MLApp/4.1.0/User/ScoreCommand#K-fold_scoring

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎08-23-2017 05:35 PM

The assistants for Predict Numeric Fields and Predict Categorical Fields do 2-fold cross validation for you, automatically. You can select the train-test ratio of your choosing.

0 Karma
Reply

melonman
Motivator
‎07-14-2016 03:23 PM

Well, if you look for automated cross validation or single command to perform cross validation, maybe the answer is probably No at this moment.

Here is what I do for now.

For example, K-Fold cross validation where K=5, you could split your data into partitions (like into 5) using sample command.

... search to get your dataset | sample partitions=5

This will add partition_number to dataset so you can specify the number to get a part of data.
Then, and use partition 1(1/5 of data) to create model (use as train) and rest of data to use for test.

... search to get your dataset | sample partitions=5 | where partition_number=0 | fit ... into your_model | ..

and test with the rest

... search to get your dataset | sample partitions=5 | where partition_number!=0 | apply your_model | ..

then calculate errors and consolidate the result from each validation.

maybe you can automate this by other splunk job scheduling technologies... (scheduled search, summary index + some dashboard)

Reply

gabrcg
New Member
‎01-10-2019 04:52 AM

To apply the k-fold cross validation (using 5 folds as in the above example), you should train with 4 folds, and then test with 1 fold. The code example is doing the opposite. So, it should be:

Train with 4 folds

 | sample partitions=5 seed=1| where partition_number!=0 | fit ... into your_model |

Test with 1 fold

 | sample partitions=5 seed=1| where partition_number=0 | apply your_model
0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎08-23-2017 03:06 PM

Make sure you a set a seed in the sample! E.g.

| sample partitions=5 seed=42
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...