Splunk Search

Is this a suitable use case for the Splunk Machine Learning Toolkit?

hmallett
Path Finder

Suppose I have two sets of data:

  • Workers, who have attributes such as location, pay grade, role, department, skills.
  • Roles, which have attributes such as location, pay grade, role, department.

If I also have a mapping of which workers have been assigned which roles in the past, including an attribute of whether the assignment was considered a success or a failure, could I use the past data to train a model and assign some predicted success/failure score to each possible worker/role combination?

Note that it wouldn't be necessary for a worker and role to have attributes which are exact matches, but I might expect a model to identify combinations which have been successful in the past (E.g. a worker was in the IT department, and was successfully matched with a role in the Security department), and learn from that.

I have looked at the documentation for the MLTK Showcase Examples and I'm not sure that any of the examples closely match what I would like to achieve.

Does this sound feasible?

Thanks.

Labels (1)
0 Karma

Yolan
Explorer

In general ML can do this, however the data you are describing is very discrete. For example, both Workers and Roles have a paygrade, but learning something about this can be prove challenging for an ML algorithm. A new worker might not have the exact same paygrade as a previous worker, so creating a new feature which calculates the difference between the paygrade of the role and the worker is more beneficial. Worker/Role combination with a higher paygrade difference might be more likely to succeed.

It is similar to how you would evaluate it yourself. Having features that are easily comparable to each other helps the algorithm learn.

I think what you want as an input is a worker/role combination including their attributes and maybe some extra feature like the one I mentioned. As output you should get a success/failure condition, possibly with a confidence value for how likely the answer is. That way you can train it using the same information.

Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...