All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Will the Machine Learning ToolKit analyze data for hosts running a universal forwarder?

mikemohawk
Explorer
‎04-13-2018 11:02 AM

I have a POC with a Linux, AIX and 2 Windows hosts running forwarders. The Splunk Web server is a Rhel 7.4 host and is the Search Head and Indexer. I have loaded the Machine Learning Tool Kit on it. If I want to analyze data from the forwarded hosts, do I need to install anything on them or should it be able to analyze them?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎04-13-2018 12:19 PM

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎04-13-2018 12:19 PM

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

0 Karma
Reply
Solved! Jump to solution

mikemohawk
Explorer
‎04-13-2018 12:44 PM

Thank you that's exactly what I was looking to hear Kevin. I have installed Python.

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎04-13-2018 11:36 AM

Hmmm are you getting some error. I have in the past tried to do something similar, basically I used cisco vpn logs forwarded to a splunk instance and ran some ML on it.
What I found out was not that I was having issues with the ML toolkit, but there was some issues with the forwarder.
I guess what I am trying to say is - if your splunk is able to index the forwarded data,ML will work absolutely fine.
In case you receive some specific errors from the ML part only, can you kindly re-post the same here?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...