What is the best upgrade path for Machine Learning Toolkit in a distributed deployment?

kcnolan13
Communicator

Let's say you have a few search heads and ten or so indexers all running Splunk 6.2, and you want to upgrade your environment in the least intrusive way so you can use the Machine Learning Toolkit.

First off, is the Machine Learning Toolkit (and underlying Python for Scientific Computing add-on) only compatible with Splunk 6.5 and up? Or can it work on 6.4 as well? And more importantly, does it come built-in with Splunk 6.5 or does it (and the scientific computing add-on) still have to be installed by hand after upgrading to 6.5? If so, is there a good way to automate that process?

Overall, what is the safest and most efficient approach for upgrading this kind of environment to leverage the new functionality? What kinds of hitches would you be likely to encounter?

0 Karma

hjauch_splunk
Splunk Employee

The Machine Learning Toolkit requires Splunk Enterprise 6.4 or later. The MLTK and PSC are separate apps that have to be installed in addition to Splunk Enterprise.

Refer to installation instructions here: http://docs.splunk.com/Documentation/MLApp/2.0.1/User/Installandconfigure

The installation instructions referenced above also cover distributed deployments.

0 Karma

kcnolan13
Communicator

Thanks! Regarding the last portion of the question, I'd like to know what the most common way to deploy these apps is in an environment with several search heads and many more indexers (not a "cluster", but yes a distributed search environment). I've heard a bit about automated app deployment, but I'm not sure how commonly it's really used and if it works in an environment where your indexers are not formally "clustered", but are participating in distributed searches.

0 Karma