All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Will the Machine Learning ToolKit analyze data for hosts running a universal forwarder?

mikemohawk
Explorer
‎04-13-2018 11:02 AM

I have a POC with a Linux, AIX and 2 Windows hosts running forwarders. The Splunk Web server is a Rhel 7.4 host and is the Search Head and Indexer. I have loaded the Machine Learning Tool Kit on it. If I want to analyze data from the forwarded hosts, do I need to install anything on them or should it be able to analyze them?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎04-13-2018 12:19 PM

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎04-13-2018 12:19 PM

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

0 Karma
Reply
Solved! Jump to solution

mikemohawk
Explorer
‎04-13-2018 12:44 PM

Thank you that's exactly what I was looking to hear Kevin. I have installed Python.

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎04-13-2018 11:36 AM

Hmmm are you getting some error. I have in the past tried to do something similar, basically I used cisco vpn logs forwarded to a splunk instance and ran some ML on it.
What I found out was not that I was having issues with the ML toolkit, but there was some issues with the forwarder.
I guess what I am trying to say is - if your splunk is able to index the forwarded data,ML will work absolutely fine.
In case you receive some specific errors from the ML part only, can you kindly re-post the same here?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
li.common.scroll-to.top