How to Dynamically save model name using a column ...

bhavesh0124 · ‎08-22-2023

Hi I have the following query for training a model. However, I want to save my model name using a single column value that comes from a lookup. In a nutshell, I want to save the model name dynamically.

index = "Abc"
fields Days, Count, Target
| sample partitions=100
| appendpipe
[ | search partition_number < 90 | fields - partition_number
| fit DecisionTreeRegressor "target" from * splitter=best into "model_name" apply=false ]

So currently the model name is "model_name" but I want it to come from a lookup, where there is single column and a single value.

@niketn @gcusello

bhavesh0124 · ‎08-28-2023

That worked! Thanks a lot

etoombs · ‎08-25-2023

I've never tried to make a model name dynamically, but have done it with outputlookup - maybe you can do something similar?

| outputlookup
[| makeresults
| eval filename=strftime(relative_time(relative_time(now(),"-1mon@mon"), "@m"), "filename_%B_%Y.csv")
| return $filename]

Something like:

How to Dynamically save model name using a column value?

eval

field extraction

fields

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation