All Apps and Add-ons

What is the best upgrade path for Machine Learning Toolkit in a distributed deployment?

kcnolan13
Communicator

Let's say you have a few search heads and ten or so indexers all running Splunk 6.2, and you want to upgrade your environment in the least intrusive way so you can use the Machine Learning Toolkit.

First off, is the Machine Learning Toolkit (and underlying Python for Scientific Computing add-on) only compatible with Splunk 6.5 and up? Or can it work on 6.4 as well? And more importantly, does it come built-in with Splunk 6.5 or does it (and the scientific computing add-on) still have to be installed by hand after upgrading to 6.5? If so, is there a good way to automate that process?

Overall, what is the safest and most efficient approach for upgrading this kind of environment to leverage the new functionality? What kinds of hitches would you be likely to encounter?

0 Karma

hjauch_splunk
Splunk Employee
Splunk Employee

The Machine Learning Toolkit requires Splunk Enterprise 6.4 or later. The MLTK and PSC are separate apps that have to be installed in addition to Splunk Enterprise.

Refer to installation instructions here: http://docs.splunk.com/Documentation/MLApp/2.0.1/User/Installandconfigure

The installation instructions referenced above also cover distributed deployments.

0 Karma

kcnolan13
Communicator

Thanks! Regarding the last portion of the question, I'd like to know what the most common way to deploy these apps is in an environment with several search heads and many more indexers (not a "cluster", but yes a distributed search environment). I've heard a bit about automated app deployment, but I'm not sure how commonly it's really used and if it works in an environment where your indexers are not formally "clustered", but are participating in distributed searches.

0 Karma
Get Updates on the Splunk Community!

Splunk Certification Support Alert | Pearson VUE Outage

Splunk Certification holders and candidates!  Please be advised of an upcoming system maintenance period for ...

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...