All Apps and Add-ons

Will the Machine Learning ToolKit analyze data for hosts running a universal forwarder?

Explorer

I have a POC with a Linux, AIX and 2 Windows hosts running forwarders. The Splunk Web server is a Rhel 7.4 host and is the Search Head and Indexer. I have loaded the Machine Learning Tool Kit on it. If I want to analyze data from the forwarded hosts, do I need to install anything on them or should it be able to analyze them?

Thanks

0 Karma
1 Solution

Splunk Employee
Splunk Employee

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

View solution in original post

0 Karma

Explorer

Thank you that's exactly what I was looking to hear Kevin. I have installed Python.

0 Karma

Champion

Hmmm are you getting some error. I have in the past tried to do something similar, basically I used cisco vpn logs forwarded to a splunk instance and ran some ML on it.
What I found out was not that I was having issues with the ML toolkit, but there was some issues with the forwarder.
I guess what I am trying to say is - if your splunk is able to index the forwarded data,ML will work absolutely fine.
In case you receive some specific errors from the ML part only, can you kindly re-post the same here?

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!