All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk ML toolkit export Predictive models and Realtime scoring

thomas13t
Engager
‎03-12-2018 04:59 AM

Hello, I have a couple of questions regarding Splunk ML toolkit:

  1. Can I export Predictive models / algorithms from Splunk? If so what are the available exports: can it be code in python? can it be in R?

  2. The algorithms will need to run on (near)realtime data flows, can Splunk handle real time Predictive scoring? A scoring engine, something like SAS ESP (event stream processing), that can deployed separately form the Splunk instance?

Thx
Thomas

Reply
1 Solution
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎03-12-2018 07:28 AM

Hello,

1) Splunk uses the Python Scientific Compute add-on for its algorithms, so no, you cant export it, but you can use the Python based scientific compute kit

https://docs.splunk.com/Documentation/MLApp/3.1.0/User/Installandconfigure

2) It depends on a lot of things. How you set up your models, your hardware, your sample size, how many independent variables you have etc.. It's possible, but it depends

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎03-12-2018 07:28 AM

Hello,

1) Splunk uses the Python Scientific Compute add-on for its algorithms, so no, you cant export it, but you can use the Python based scientific compute kit

https://docs.splunk.com/Documentation/MLApp/3.1.0/User/Installandconfigure

2) It depends on a lot of things. How you set up your models, your hardware, your sample size, how many independent variables you have etc.. It's possible, but it depends

0 Karma
Reply
Solved! Jump to solution

thomas13t
Engager
‎03-13-2018 08:43 AM

Ok Thank you,

So if I understood correctly it could be theoretical possible to decouple the analytic part (creation, test, and validation of predictive models) from a "scoring" engine where the models are deployed, the needed flow (and eventual extra KPis are calculated) are present?

Or with your 2 answer you are implying that the splunk instance will be called via API everytime a resource needs a scoring and reply with the correct score?

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...