
What type of "technique" do commands like predict, associate or cluster use?

rosho
Communicator

Hi

In Splunk Enterprise there are some commands (e.g. predict, associate, cluster) that already do their work. But in MLTK there are algorithms that more or less do the same.

My question is:
How do those Splunk commands work? What type of "technique" do they use to predict, associate or cluster? Is it statistics?

PREDICT = we can do it with algorithms like: ARIMA, Logistic regression, etc

ASSOCIATE = we can do it with algorithms like: Apriori, FP-growth, etc

CLUSTER = DBSCAN, K-means

Thank you

1 Solution

niketn
Legend

@rosho please find the details below.

1) predict command uses the Kalman filter. Refer to documentation.
2) associate command uses Shannon entropy (log base 2). Refer to documentation.
3) cluster command is used to bring similar events together and can be used to identify anomalies. I have not found the details on which algorithm powers it behind the scenes, but I have requested them from the Documentation Team a couple of times through Splunk Docs feedback.

If you are interested in ARIMA, DBSCAN, KMEANS you can refer to Splunk Machine Learning Toolkit algorithms. Additional contributions for MLTK algorithms are available on the mltk-algo-contrib GitHub repository as well.
In fact kmeans is also available as a command in Splunk Enterprise itself.

PS: With the latest release of MLTK (4.2 and above) you will also get the State Space algorithm with the Smart Forecasting Assistant, which allows you to perform fit and apply.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
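As an added example (not Splunk's implementation and not part of the original post), the Python below sketches the two techniques the answer names, applied the way a security team would use the corresponding SPL commands: a one-dimensional Kalman filter forecasting an hourly failed-login count and flagging the hour that falls far outside the forecast (what predict does), and Shannon entropy in bits measuring how much knowing one field (src_ip) reduces uncertainty about another (status), which is the quantity associate reports. The variances, the outlier gate, and the sample series and events are constructed assumptions of this example; the associate part is simplified to one figure per reference field rather than per reference value.

```python
"""Added illustration of the two techniques the answer names: a one-dimensional
Kalman filter (what `predict` is built on) and Shannon entropy in bits (what
`associate` is built on). This is example code, not Splunk's implementation;
the data below is constructed."""
import math
from collections import Counter, defaultdict


def kalman_forecast(series, process_var=1.0, measurement_var=4.0, gate=3.0):
    """Local-level Kalman filter over `series`.

    Returns one (forecast, forecast_std, observed, zscore) tuple per sample after
    the first. `gate` is a practitioner safeguard (an assumption of this example,
    not a `predict` option): an observation more than `gate` standard deviations
    from its forecast is treated as missing so it does not drag the state along.
    """
    x = series[0]            # state estimate (the level)
    p = measurement_var      # estimate variance; start as uncertain as one reading
    out = []
    for z in series[1:]:
        # Predict step: the level carries over, uncertainty grows by process noise.
        x_pred, p_pred = x, p + process_var
        # Innovation variance: forecast uncertainty plus measurement noise.
        s = p_pred + measurement_var
        std = math.sqrt(s)
        zscore = (z - x_pred) / std
        out.append((x_pred, std, z, zscore))
        if gate is not None and abs(zscore) > gate:
            x, p = x_pred, p_pred          # skip the update; keep the forecast
            continue
        # Update step: blend forecast and observation using the Kalman gain.
        k = p_pred / s
        x = x_pred + k * (z - x_pred)
        p = (1.0 - k) * p_pred
    return out


def forecast_outliers(series, gate=3.0, **kw):
    """Indexes into `series` whose value is more than `gate` forecast std away."""
    steps = kalman_forecast(series, gate=gate, **kw)
    return [i + 1 for i, (_, _, _, zs) in enumerate(steps) if abs(zs) > gate]


def entropy_bits(values):
    """Shannon entropy H(X) in bits (log base 2) of a sequence of field values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def conditional_entropy_bits(target_values, reference_values):
    """H(target | reference): uncertainty left about target once reference is known."""
    n = len(target_values)
    groups = defaultdict(list)
    for t, r in zip(target_values, reference_values):
        groups[r].append(t)
    return sum(len(g) / n * entropy_bits(g) for g in groups.values())


def associate_fields(events, reference, target):
    """Return (H(target), H(target | reference), entropy improvement) in bits.

    Simplified relative to the SPL command, which reports these figures per
    reference-field value; here they are per reference field.
    """
    ref = [e[reference] for e in events]
    tgt = [e[target] for e in events]
    h = entropy_bits(tgt)
    h_given = conditional_entropy_bits(tgt, ref)
    return h, h_given, h - h_given


# Constructed sample data (not taken from any real system).
FAILED_LOGINS_PER_HOUR = [10, 12, 11, 13, 12, 11, 12, 14, 13, 60, 12, 11]
AUTH_EVENTS = (
    [{"src_ip": "10.0.0.5", "proto": "ssh", "status": "failure"}] * 6
    + [{"src_ip": "10.0.0.9", "proto": "ssh", "status": "success"}] * 5
    + [{"src_ip": "10.0.0.9", "proto": "ssh", "status": "failure"}]
)

if __name__ == "__main__":
    for i, (fc, std, obs, zs) in enumerate(kalman_forecast(FAILED_LOGINS_PER_HOUR), 1):
        print(f"t={i:2d} forecast={fc:6.2f} +/-{std:4.2f} observed={obs:3d} z={zs:6.2f}")
    print("outlier hours:", forecast_outliers(FAILED_LOGINS_PER_HOUR))
    for ref in ("src_ip", "proto"):
        h, hc, gain = associate_fields(AUTH_EVENTS, ref, "status")
        print(f"status given {ref}: H={h:.3f} H|ref={hc:.3f} improvement={gain:.3f} bits")
```

Two things worth noticing when running it. The gate matters: without it, the spike of 60 pulls the filter's level estimate up and the perfectly normal next hour is then flagged as well, which is the classic way a forecast-based alert produces a second false positive right after a real one. And for the entropy part, a field that is constant across all events (proto here) yields zero improvement, while src_ip accounts for most of the uncertainty in status, which is exactly the ranking associate is used to surface.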
