All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Relationship between Experiments and Models in MLTK

jpawloski
Path Finder
‎11-07-2019 10:21 AM

So I've been using the Cluster Numeric Events Experiment in Splunk and have saved a version of the model using the save button on the upper right. When I head out to the experiments page, I see a Model Name of 'exp' with a large string of alphanumeric characters that follow. When I attempt to apply this model in searches, Splunk tells me it doesn't exist. I also have this model running nightly training.

With previous iterations of this model, I've used the Open in Search option available on the experiment page and have manually created models using the resulting search, replacing '_exp_draft' with something more descriptive. The alphanumeric string values were left intact. Now I can use this model but how does the nightly training on the _exp model affect this model? Also, if I wanted to apply a partial fit, how would I go about doing that, since I don't see a way to tell the experiment to utilize it within it's training schedule.

0 Karma
Reply

sslepian_splunk
Splunk Employee
Splunk Employee
‎11-19-2019 01:12 PM
  1. I'm not sure why you're unable to apply the _exp... model - I would guess that there's Splunk permissions issue. Are you trying to apply it from another user or app? Experiment models are scoped to the user/app that created them.
  2. The _exp... prefix tells you that this model is controlled by the Experiment - any alerts created from the Experiment will use this model, scheduled training will overwrite this model, etc.
  3. If you'd like to use this model outside an Experiment, the recommended approach is using the "Publish" function, which will clone the Experiment's models to a location of your choice (and allows you to specify a different name). Note that this is a one-time action - it'll export the current state of your model, but if your model changes you would need to Publish again.
  4. Experiments don't support partial fit at this time - you would need to use the "fit" command on the search page to do that.
0 Karma
Reply

jpawloski
Path Finder
‎11-21-2019 09:35 AM

Answer to question 1: I'm building the model through the MLTK but attempting to use it in a different app. so that might explain that. Now I'm able to use the renamed version of the model I create manually after I set it to Global on the Models page but it sounds like training will not be applied to this renamed model. Is that correct?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...