Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

MLTK LogisticRegression probabilities=true only showing first event probability

eduardoduarte
Explorer
‎09-08-2021 01:53 AM

I Have trained a LogisiticRegression model by using TFIDF data (3K events in a month) as input successfully using probabilities=true

In the fit process it shows the probabilities of everything correctly, I can even do a ROC curve analysis. 

The problem comes when use the model by doing a new search and TFIDF the data, and right after the  "|apply logistic_model probabilities=true"  to new data (say... last 24 hours). The behavior is that it only shows the probabilities for the first event (sometimes two or three but not all if I apply the model to "old data") and the others appear blank but the predicted field appears correctly.

Now, if I do a search and I apply only the TFIDF_model, without the apply logistic_model and then I "|loadjob  123ABC"  having only the TFIDF data calculated previously and then  Iapply the model to the loaded job of TFIDF data, the probabilities appear magically.

I am almost sure this is a bug, but I want to know if there is some workaround ?

 

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top