Is this a suitable use case for the Splunk Machine Learning Toolkit?

hmallett
Path Finder

Suppose I have two sets of data:

  • Workers, who have attributes such as location, pay grade, role, department, skills.
  • Roles, which have attributes such as location, pay grade, role, department.

If I also have a mapping of which workers have been assigned which roles in the past, including an attribute of whether the assignment was considered a success or a failure, could I use the past data to train a model and assign some predicted success/failure score to each possible worker/role combination?

Note that it wouldn't be necessary for a worker and role to have attributes which are exact matches, but I might expect a model to identify combinations which have been successful in the past (e.g. a worker was in the IT department, and was successfully matched with a role in the Security department), and learn from that.

I have looked at the documentation for the MLTK Showcase Examples and I'm not sure that any of the examples closely match what I would like to achieve.

Does this sound feasible?

Thanks.

0 Karma

Yolan
Explorer

In general, ML can do this; however, the data you are describing is very discrete. For example, both Workers and Roles have a paygrade, but learning something about this can prove challenging for an ML algorithm. A new worker might not have the exact same paygrade as a previous worker, so creating a new feature which calculates the difference between the paygrade of the role and the worker is more beneficial. Worker/Role combinations with a higher paygrade difference might be more likely to succeed.

It is similar to how you would evaluate it yourself. Having features that are easily comparable to each other helps the algorithm learn.

I think what you want as an input is a worker/role combination including their attributes and maybe some extra feature like the one I mentioned. As output you should get a success/failure condition, possibly with a confidence value for how likely the answer is. That way you can train it using the same information.
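
The approach described in the answer above, as an added example that is not part of the original thread: each past assignment becomes one worker/role row with a derived pay grade difference, and a logistic regression returns a success probability for any candidate combination. It is plain Python rather than MLTK SPL, and the history rows, field layout and function names are all constructed for illustration.

```python
import math

# Constructed history, not data from the thread. Columns:
# worker dept, grade, location, role dept, grade, location, success (1) / failure (0)
HISTORY = [
    ("IT", 3, "London", "Security", 4, "London", 1),
    ("IT", 4, "Leeds", "Security", 5, "Leeds", 1),
    ("IT", 2, "London", "Security", 3, "Leeds", 1),
    ("Finance", 3, "Leeds", "Finance", 4, "Leeds", 1),
    ("Finance", 5, "London", "Security", 3, "London", 0),
    ("Finance", 4, "Leeds", "IT", 2, "London", 0),
    ("IT", 5, "London", "Finance", 3, "Leeds", 0),
    ("IT", 4, "London", "IT", 2, "London", 0),
]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def featurize(row, pairs):
    """Turn one worker/role combination into comparable numeric features."""
    w_dept, w_grade, w_loc, r_dept, r_grade, r_loc = row[:6]
    x = [1.0,                              # bias term
         float(r_grade - w_grade),         # pay grade difference (role minus worker)
         1.0 if w_loc == r_loc else 0.0]   # same location?
    # One indicator per department transition seen in training; a transition
    # never seen before leaves them all 0 and is scored on the other features.
    return x + [1.0 if (w_dept, r_dept) == p else 0.0 for p in pairs]

def train(history, epochs=2000, lr=0.1, l2=0.01):
    """L2-regularised logistic regression fitted by batch gradient descent."""
    pairs = sorted({(h[0], h[3]) for h in history})
    X = [featurize(h, pairs) for h in history]
    y = [h[6] for h in history]
    w = [0.0] * len(X[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for xi, yi in zip(X, y):
            err = sigmoid(sum(a * b for a, b in zip(w, xi))) - yi
            for j, xj in enumerate(xi):
                grad[j] += err * xj
        w = [wj - lr * (g / len(X) + l2 * wj) for wj, g in zip(w, grad)]
    return w, pairs

def score(model, worker, role):
    """Predicted probability of success for a (dept, grade, location) worker and role."""
    w, pairs = model
    x = featurize(worker + role, pairs)
    return sigmoid(sum(a * b for a, b in zip(w, x)))

MODEL = train(HISTORY)
```

Calling `score(MODEL, worker, role)` for every worker/role combination gives the per-pair score asked about in the question; a worker from a department that never appears in the history is still scored, using only the pay grade difference and location features.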
