- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to do label encoding on categorical variables in splunk. I'm new to splunk and trying to explore hidden features. Can I also know how to split the fields as done in excel.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When using the Machine Learning toolkit - it will actually convert your categorical variables into indicator variables - columns of 0's and 1's automatically, behind the scenes. Pretty nifty! It uses panda's get_dummies to do this.
If you want to do so manually, you can try using eval:
| eval {fieldToEncode} = 1
| fillnull
The way this works: the { } around the field mean to take the field's value, and use that as the name for the field. Then we assign that to 1, and fill in all the blanks with zeros.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When using the Machine Learning toolkit - it will actually convert your categorical variables into indicator variables - columns of 0's and 1's automatically, behind the scenes. Pretty nifty! It uses panda's get_dummies to do this.
If you want to do so manually, you can try using eval:
| eval {fieldToEncode} = 1
| fillnull
The way this works: the { } around the field mean to take the field's value, and use that as the name for the field. Then we assign that to 1, and fill in all the blanks with zeros.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @aljohnson
If I want to encode Server_name column , should I use
| eval {Server_name} =1 ?
and extension of that question : suppose i have app_id column , which have values like 1234456122.xxxx
Now I want only the numerical part ,and want to remove the xxxx part...how do I do it in splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats one way you could do it - sure. You'd need to add the fillnull command in order to get the zeros in the columns though, too.
For your second question, you can use eval or rex or many other search commands to do that:
http://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/Eval
http://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/rex
http://docs.splunk.com/Documentation/Splunk/7.0.3/SearchReference/replace
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@aljohnson_splunk, can label encoding done the same way? I want to categorical variables into numbers with some sort of ranking to it. Is there any method for this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You could use a lookup if the values are static and you know the categories before hand. Otherwise I'd think you need to add a custom algorithm - https://docs.splunk.com/Documentation/MLApp/3.2.0/API/Overview
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you for the answer.
