All Apps and Add-ons

What is Best Practice for streamed apply of MLTK models after removal of streaming_apply?


Hello Splunk Community!

In MLTK version 5.3.1, the streaming_apply feature was removed due to bundle replication performance issues. However, I am currently facing a problem where executing a continuously updated model in a distributed fashion across all available search peers in our Splunk Enterprise setup would be highly beneficial.

As information on this former functionality appears sparse, I wanted to inquire regarding best way to handle automatically replicating the trained model to the search peers and executing it there, if it is at all still possible.

A previous question asked here (How to export/import/share ML models between Splunk instances and external system? ) hinted at manually copying the model files into the target lookup folder as an alternative to using streaming_apply. With daily updates to the model, this is sadly not an option in our deployment.

Thanks for your help!

Best regards


Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...