All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Machine Learning Toolkit: Is there a way to import a trained model into Splunk?

Rinkesh88
Engager
‎03-01-2017 11:45 AM

Hi, I am training a random forest model with large amount of data outside of Splunk (on spark). I need to import this model into Splunk. I am not able to use the Splunk Machine Learning Toolkit as training a random forest with large data and n_estimators>100 results in memory errors. Is there a way to import a trained model into Splunk which can then be used to "apply" on new data? Thanks.

Reply

yangzd
Splunk Employee
Splunk Employee
‎03-01-2017 12:44 PM

Hi,

As of now, MLTK does not support importing a trained model from outside of Splunk.

There are several ways that you could try:

  1. Use random forest algorithm in MLTK to train a native MLTK model, you can just change the max_memory_usage_mb stanza in the mlspl.conf file to allow higher memory usage.

  2. Write a custom algorithm that reads your trained model and translate the parameters and pass into sklearn models, then run on your data. It may not be trivial in your use case due to the complexity of decision tree.

  3. Write a custom search command that sends Splunk data to your environment where you trained your model, make predictions and send back to Splunk. This requires good understanding of Splunk custom search command and extra integration work.

Reply

grana_splunk
Splunk Employee
Splunk Employee
‎03-01-2017 12:24 PM

Hi,

Currently we do not support importing of models in Machine Learning Toolkit but I have a workaround for memory errors

  1. Go to /home/splunk/splunk/etc/apps/Splunk_ML_Toolkit/default/mlspl.conf and increase memory limit for your algorithm
  2. Restart Splunk
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...