Splunk ML Toolkit - Why this error "External searc...

Splunk Enterprise

Hi all,

I have a dashboard that uses the time series forecast from Splunk Machine Learning Toolkit. Until few weeks ago we were using it with Splunk 8.0.2 and ML Toolkit version 5.2.1 and it was working fine. After upgrading to Splunk 8.2.4 the "predict" command is returning the following error:

External search command 'predict' returned error code 1. .

I also tried to upgrade the ML Toolkit to version 5.3.1 which states to be compatible with Splunk 8.2.4 and with Python3 (I suppose this is the issue) but the error still occurs.

Here's my search:

index=myindex earliest=-5w@w latest=now 
| timechart span=10m count 
| predict "count" as prediction algorithm=LLP holdback=100 future_timespan=300 period=1008 upper75=upper75 lower75=lower75 
| `forecastviz(300, 100, "count", 75)`

Before the Splunk upgrade it was working correctly.

Anyone had the same issue after upgrading Splunk and can help me fix it? Thanks!

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with another ...