Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Is this a suitable use case for the Splunk Machine Learning Toolkit?

hmallett
Path Finder
‎01-04-2021 06:04 AM

Suppose I have two sets of data:

  • Workers, who have attributes such as location, pay grade, role, department, skills.
  • Roles, which have attributes such as location, pay grade, role, department.

If I also have a mapping of which workers have been assigned which roles in the past, including an attribute of whether the assignment was considered a success or a failure, could I use the past data to train a model and assign some predicted success/failure score to each possible worker/role combination?

Note that it wouldn't be necessary for a worker and role to have attributes which are exact matches, but I might expect a model to identify combinations which have been successful in the past (E.g. a worker was in the IT department, and was successfully matched with a role in the Security department), and learn from that.

I have looked at the documentation for the MLTK Showcase Examples and I'm not sure that any of the examples closely match what I would like to achieve.

Does this sound feasible?

Thanks.

0 Karma
Reply

Yolan
Explorer
‎01-04-2021 06:58 AM

In general ML can do this, however the data you are describing is very discrete. For example, both Workers and Roles have a paygrade, but learning something about this can be prove challenging for an ML algorithm. A new worker might not have the exact same paygrade as a previous worker, so creating a new feature which calculates the difference between the paygrade of the role and the worker is more beneficial. Worker/Role combination with a higher paygrade difference might be more likely to succeed.

It is similar to how you would evaluate it yourself. Having features that are easily comparable to each other helps the algorithm learn.

I think what you want as an input is a worker/role combination including their attributes and maybe some extra feature like the one I mentioned. As output you should get a success/failure condition, possibly with a confidence value for how likely the answer is. That way you can train it using the same information.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...