Will the Machine Learning ToolKit analyze data for hosts running a universal forwarder?

mikemohawk
Explorer

I have a POC with a Linux, an AIX and 2 Windows hosts running forwarders. The Splunk Web server is a RHEL 7.4 host and is the Search Head and Indexer. I have loaded the Machine Learning Toolkit on it. If I want to analyze data from the forwarded hosts, do I need to install anything on them, or should it be able to analyze them?

Thanks

0 Karma

kmorris_splunk
Splunk Employee

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head, however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

0 Karma

mikemohawk
Explorer

Thank you, that's exactly what I was looking to hear, Kevin. I have installed Python.

0 Karma

Sukisen1981
Champion

Hmmm, are you getting some error? I have in the past tried to do something similar; basically I used Cisco VPN logs forwarded to a Splunk instance and ran some ML on it.
What I found out was not that I was having issues with the ML toolkit, but that there were some issues with the forwarder.
I guess what I am trying to say is: if your Splunk is able to index the forwarded data, ML will work absolutely fine.
In case you receive some specific errors from the ML part only, can you kindly re-post the same here?

0 Karma