
Is this a suitable use case for the Splunk Machine Learning Toolkit?

hmallett
Path Finder

Suppose I have two sets of data:

  • Workers, who have attributes such as location, pay grade, role, department, skills.
  • Roles, which have attributes such as location, pay grade, role, department.

If I also have a mapping of which workers have been assigned which roles in the past, including an attribute of whether the assignment was considered a success or a failure, could I use the past data to train a model and assign some predicted success/failure score to each possible worker/role combination?

Note that it wouldn't be necessary for a worker and role to have attributes which are exact matches, but I might expect a model to identify combinations which have been successful in the past (e.g. a worker was in the IT department, and was successfully matched with a role in the Security department), and learn from that.

I have looked at the documentation for the MLTK Showcase Examples and I'm not sure that any of the examples closely match what I would like to achieve.

Does this sound feasible?

Thanks.

0 Karma

Yolan
Explorer

In general ML can do this, however the data you are describing is very discrete. For example, both Workers and Roles have a paygrade, but learning something about this can prove challenging for an ML algorithm. A new worker might not have the exact same paygrade as a previous worker, so creating a new feature which calculates the difference between the paygrade of the role and the worker is more beneficial. Worker/Role combinations with a higher paygrade difference might be more likely to succeed.

It is similar to how you would evaluate it yourself. Having features that are easily comparable to each other helps the algorithm learn.

I think what you want as an input is a worker/role combination including their attributes and maybe some extra feature like the one I mentioned. As output you should get a success/failure condition, possibly with a confidence value for how likely the answer is. That way you can train it using the same information.
