Hi,
I tried the below query to fit my model,
sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d | stats count values(file_path) values(user_name) values(action) by device_name,command | fit DensityFunction count by "device_name,command,user_name" into mymodel threshold=0.05 dist=norm
I am getting the following error,
Error in 'fit' command: Error while initializing algorithm "DensityFunction": Algorithm "DensityFunction" cannot be loaded
I have tried the LocalOutlierFactor algorithm too but am getting the same error.
Please suggest.
Are you running it in an indexer cluster?
Are you able to run the examples from the ML Toolkit?
Can you check if DensityFunction is available in your ML Toolkit on the search head? You can check in the settings of the ML Toolkit.
Yes. The issue is that I am using version 3.4, where only the OneClassSVM algorithm is supported.
There are many improvements in the latest version of the ML Toolkit. I advise you to upgrade to the latest version.
sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d | stats count values(file_path) values(user_name) values(action) by device_name,command | fit DensityFunction count by "device_name,command,user_name" into mymodel threshold=0.05 dist=norm
https://towardsdatascience.com/feature-engineering-for-machine-learning-3a5e293a5114?gi=3ea8b5b00f7d
Hello @thambisetty
Yes, I agree with your features part, which will give us the fine ML model.
But before diving into data set tuning, I just wanted to check if it is giving any results, as below,
sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command| fit DensityFunction count by "device_name,command" into mymodel
I have removed the user_name part mentioned earlier. But I am still facing the same error, as below,
Error in 'fit' command: Error while initializing algorithm "DensityFunction": Algorithm "DensityFunction" cannot be loaded