What type of "technique" do commands like predict, associate or cluster use?

rosho
Communicator

Hi

In Splunk Enterprise there are some commands (e.g. predict, associate, cluster) that already do their work, but in MLTK there are algorithms that more or less do the same.

My question is:
How do those Splunk commands work? What type of "technique" do they use to predict, associate or cluster? Is it statistics?

PREDICT = we can do it with algorithms like ARIMA, logistic regression, etc.

ASSOCIATE = we can do it with algorithms like Apriori, FP-growth, etc.

CLUSTER = DBSCAN, K-means

Thank you

1 Solution

niketn
Legend

@rosho please find the details below.

1) predict command uses the Kalman filter. Refer to documentation.
2) associate command uses Shannon entropy (log base 2). Refer to documentation.
3) cluster command is used to bring similar events together and can be used to identify anomalies. I have not found the details on which algorithm powers it behind the scenes, but I have requested this from the Documentation Team a couple of times through Splunk Docs feedback.

If you are interested in ARIMA, DBSCAN or KMeans you can refer to Splunk Machine Learning Toolkit algorithms. Additional contributions for MLTK algorithms are available on the mltk-algo-contrib GitHub as well.
In fact kmeans is also available as a command in Splunk Enterprise itself.

PS: With the latest release of MLTK (4.2 and above) you will also get the State Space algorithm with the Smart Forecasting Assistant, which allows you to perform fit and apply.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

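To make point 1 concrete: the following is an added example, not Splunk's code, showing the simplest Kalman-filter state-space model, a local level (a constant level that drifts as a random walk, observed through noise). This is the model family that predict's LL algorithm name refers to; how predict estimates its noise variances is not published, so the process variance q, the measurement variance r, and the hourly login-count series below are all constructed inputs chosen for the illustration. The forecast tuple mirrors the shape of predict's prediction/lower95/upper95 output.

```python
"""Local-level Kalman filter with forecast, as an illustration of the
technique behind Splunk's `predict` command (added example, not Splunk's
implementation; q, r and the sample series are constructed)."""

import math

# Constructed sample: failed-login counts per hour (not real data).
SAMPLE_SERIES = [42.0, 45.0, 40.0, 47.0, 43.0, 44.0, 41.0, 46.0, 39.0, 44.0]


def kalman_local_level(series, q, r, future=5, init_var=1e6):
    """Filter `series` with a local-level model and forecast `future` steps.

    state:  x_t = x_{t-1} + w_t,  w_t ~ N(0, q)   (level drifts as a random walk)
    obs:    y_t = x_t + v_t,      v_t ~ N(0, r)   (measurement noise)

    Returns (filtered_levels, forecasts); each forecast is a tuple
    (prediction, lower95, upper95) like predict's output fields.
    """
    x = series[0]      # initial level guess: the first observation
    p = init_var       # start very uncertain so the data dominates quickly
    filtered = []
    for y in series:
        # Predict step: a random-walk level keeps its value, uncertainty grows.
        p = p + q
        # Update step: Kalman gain weighs the observation against the prediction.
        k = p / (p + r)
        x = x + k * (y - x)
        p = (1.0 - k) * p
        filtered.append(x)

    # Forecast: the local-level point forecast is flat (the last filtered
    # level); only the uncertainty band widens with the horizon.
    forecasts = []
    fp = p
    for _ in range(future):
        fp += q                         # state variance grows each step ahead
        sd = math.sqrt(fp + r)          # predictive sd also includes obs noise
        forecasts.append((x, x - 1.96 * sd, x + 1.96 * sd))
    return filtered, forecasts


if __name__ == "__main__":
    levels, fc = kalman_local_level(SAMPLE_SERIES, q=1.0, r=4.0, future=3)
    for t, lvl in enumerate(levels):
        print(f"t={t} y={SAMPLE_SERIES[t]:.1f} level={lvl:.2f}")
    for h, (pred, lo, hi) in enumerate(fc, start=1):
        print(f"+{h}h prediction={pred:.2f} lower95={lo:.2f} upper95={hi:.2f}")
```

The thing to take from this when reading predict's output: with a local-level model the point forecast does not trend, so a rising or seasonal metric needs the LLT or LLP variants, and the widening lower95/upper95 band is the honest part of the answer, not the flat line.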
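And for point 2, an added example (again not Splunk's code, whose exact implementation is not published) of what "Shannon entropy, log base 2" buys you in field association: for each reference field=value pair, measure how much knowing it lowers the entropy of every other field. The output keys copy the result fields the associate documentation lists (Reference_Key, Reference_Value, Target_Key, Unconditional_Entropy, Conditional_Entropy, Entropy_Improvement); the min_support and min_improvement parameters are stand-ins for the command's supcnt and improv options, set low here because the eight authentication events are constructed sample data, not real logs.

```python
"""Entropy-based field association in the style of Splunk's `associate`
command (added example, not Splunk's implementation; events constructed)."""

import math
from collections import Counter, defaultdict

# Constructed sample: a handful of authentication events (not real log data).
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "user": "admin", "action": "failure"},
    {"src": "10.0.0.5", "user": "root", "action": "failure"},
    {"src": "10.0.0.5", "user": "guest", "action": "failure"},
    {"src": "10.0.0.5", "user": "test", "action": "failure"},
    {"src": "192.168.1.10", "user": "alice", "action": "success"},
    {"src": "192.168.1.11", "user": "bob", "action": "success"},
    {"src": "192.168.1.12", "user": "carol", "action": "failure"},
    {"src": "192.168.1.13", "user": "dave", "action": "success"},
]


def shannon_entropy(values):
    """Shannon entropy in bits (log base 2) of a sequence of discrete values."""
    values = list(values)
    if not values:
        return 0.0
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def associate(events, fields, min_support=3, min_improvement=0.5):
    """Report reference field/value pairs that make another field predictable.

    For each reference value occurring at least `min_support` times
    (cf. associate's supcnt), compare the entropy of every other field over
    all events with its entropy over only the events carrying that reference
    value. Pairs whose entropy drops by at least `min_improvement` bits
    (cf. improv) are returned, strongest association first.
    """
    rows = []
    for ref in fields:
        by_value = defaultdict(list)
        for ev in events:
            if ref in ev:
                by_value[ev[ref]].append(ev)
        for ref_value, subset in by_value.items():
            if len(subset) < min_support:
                continue          # too rare to draw a conclusion from
            for target in fields:
                if target == ref:
                    continue
                h_all = shannon_entropy(ev[target] for ev in events if target in ev)
                h_cond = shannon_entropy(ev[target] for ev in subset if target in ev)
                improvement = h_all - h_cond
                if improvement >= min_improvement:
                    rows.append({
                        "Reference_Key": ref,
                        "Reference_Value": ref_value,
                        "Target_Key": target,
                        "Unconditional_Entropy": round(h_all, 3),
                        "Conditional_Entropy": round(h_cond, 3),
                        "Entropy_Improvement": round(improvement, 3),
                    })
    rows.sort(key=lambda r: r["Entropy_Improvement"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in associate(SAMPLE_EVENTS, ["src", "user", "action"]):
        print(row)
```

On this sample, src=10.0.0.5 drives the conditional entropy of action to zero (every event from that source is a failure), which is exactly the kind of "this value pins down that field" relationship associate surfaces during triage; the per-user rows are suppressed because each user appears only once, which is what the support threshold is for.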