
What type of "technique" do commands like predict, associate or cluster use?

rosho
Communicator

Hi

In Splunk Enterprise there are some commands (e.g. predict, associate, cluster) that already do their work. But in MLTK there are algorithms that more or less do the same.

My question is:
How do those Splunk commands work? What type of "technique" do they use to predict, associate or cluster? Is it statistics?

PREDICT = we can do it with algorithms like: ARIMA, Logistic regression, etc

ASSOCIATE = we can do it with algorithms like: Apriori, FP-growth, etc

CLUSTER = DBSCAN, K-means

Thank you

1 Solution

niketn
Legend

@rosho please find the details below.

1) predict command uses a Kalman filter. Refer to documentation.
2) associate command uses Shannon entropy (log base 2). Refer to documentation.
3) cluster command is used to bring similar events together and can be used to identify anomalies. I have not found the details on which algorithm powers it behind the scenes, but I have requested this from the Documentation Team a couple of times through Splunk Docs feedback.

If you are interested in ARIMA, DBSCAN, KMEANS you can refer to Splunk Machine Learning Toolkit algorithms. Additional contributions for MLTK algorithms are available on the mltk-algo-contrib GitHub as well.
In fact kmeans is also available as a command in Splunk Enterprise itself.

PS: With the latest release of MLTK (4.2 and above) you will also get the State Space algorithm with the Smart Forecasting Assistant, which allows you to perform fit and apply.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

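To make the two techniques in the accepted answer concrete, here is an added example written for this page (not Splunk's code and not the poster's): a toy Shannon-entropy calculation of the kind the associate command is built on, and a one-dimensional Kalman filter of the kind the answer attributes to predict, both run over constructed login events. The specific state model (a local-level model), the output field names, and the sample data are assumptions for illustration, not taken from Splunk's documentation.

```python
"""Added example (written for this page; not Splunk's or the poster's code).

Toy re-implementations of the two techniques the answer names, run over
constructed sample events so the numbers can be checked by hand:

  * associate-style field analysis: Shannon entropy (log base 2) of one
    field and its conditional entropy given another field. The drop between
    the two is how strongly the second field "explains" the first.
  * predict-style forecasting: a one-dimensional Kalman filter over a count
    series. The answer says predict uses a Kalman filter; the particular
    state model used here (local level) is an assumption for illustration,
    not Splunk's documented model.
"""
from collections import Counter, defaultdict
from math import log2, sqrt

# Constructed sample events (not real data): which user logged in from which source.
EVENTS = [
    {"user": "alice", "src": "10.0.0.5"},
    {"user": "alice", "src": "10.0.0.5"},
    {"user": "alice", "src": "10.0.0.5"},
    {"user": "bob", "src": "10.0.0.7"},
    {"user": "bob", "src": "10.0.0.7"},
    {"user": "carol", "src": "10.0.0.5"},
    {"user": "carol", "src": "10.0.0.9"},
    {"user": "dave", "src": "10.0.0.9"},
]


def entropy(values):
    """Shannon entropy in bits of a sequence of categorical values."""
    n = len(values)
    return -sum(c / n * log2(c / n) for c in Counter(values).values())


def conditional_entropy(events, target, given):
    """H(target | given): entropy of `target` averaged over the groups formed by `given`."""
    n = len(events)
    groups = defaultdict(list)
    for e in events:
        groups[e[given]].append(e[target])
    return sum(len(g) / n * entropy(g) for g in groups.values())


def associate(events, target, given):
    """Entropy of `target`, its entropy once `given` is known, and the reduction."""
    h = entropy([e[target] for e in events])
    h_cond = conditional_entropy(events, target, given)
    return {"entropy": h, "conditional_entropy": h_cond, "reduction": h - h_cond}


# Constructed hourly failed-login counts (not real data); the last hour spikes.
FAILED_LOGINS = [12, 11, 13, 12, 14, 12, 13, 60]


def kalman_local_level(series, process_var=1.0, measurement_var=4.0):
    """1-D Kalman filter with a local-level model.

    Hidden state x_t is the underlying level; observation z_t = x_t + noise.
    Returns the final filtered level, its variance, and the list of
    standardised innovations (how surprising each observation was relative
    to the one-step-ahead prediction), which is the quantity to alert on.
    """
    x, p = float(series[0]), measurement_var  # initialise on the first point
    scores = [0.0]
    for z in series[1:]:
        p_pred = p + process_var                  # predict: uncertainty grows
        innovation = z - x                        # observed minus predicted
        scores.append(innovation / sqrt(p_pred + measurement_var))
        k = p_pred / (p_pred + measurement_var)   # Kalman gain
        x = x + k * innovation                    # update the level
        p = (1.0 - k) * p_pred                    # update its uncertainty
    return x, p, scores


def forecast(series, steps, process_var=1.0, measurement_var=4.0):
    """Point forecast and variance for each of `steps` future observations."""
    x, p, _ = kalman_local_level(series, process_var, measurement_var)
    return [(x, p + (h + 1) * process_var + measurement_var) for h in range(steps)]


def anomalous_hours(series, threshold=3.0, **kw):
    """Indices whose standardised innovation exceeds `threshold` sigmas."""
    _, _, scores = kalman_local_level(series, **kw)
    return [i for i, s in enumerate(scores) if abs(s) > threshold]


if __name__ == "__main__":
    print(associate(EVENTS, "user", "src"))
    print(forecast(FAILED_LOGINS, 3))
    print(anomalous_hours(FAILED_LOGINS))
```

In the sample data, knowing `src` cuts the uncertainty about `user` by 1.25 bits, which is the sort of reduction associate surfaces as a strong relationship; on the count series the filter absorbs the small hour-to-hour wobble but flags the final spike, because its innovation is many standard deviations beyond what the model predicted.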
