Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

fit command in MLTK detecting categorial outliers

Janani_Krish
Path Finder
‎09-17-2020 11:31 PM

Hi,

I tried the below query to fit my model,

sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command| fit DensityFunction count by "device_name,command,user_name" into mymodel threashold=0.05 dist=norm

I am getting the following error,

Error in 'fit' command: Error while initializing algorithm "DensityFunction": Algorithm "DensityFunction" cannot be loaded

I have tried with LocalOutlierFactor algorithm too but getting the same error.

Please suggest.

Labels (1)
Labels
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-21-2020 12:56 AM

are you running it in Indexer cluster?

are you able to run examples from ML toolkit?

can you check if DensityFunction available in your ML Toolkit on search head. you can check in settings of ML ToolKit.

————————————
If this helps, give a like below.
Reply

Janani_Krish
Path Finder
‎09-23-2020 01:53 AM

Yes The issue is I am using version 3.4 where only OneClassSVM algorithm is supported.

0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-23-2020 03:39 AM

there are many improvements in latest version of ML Toolkit. I advise you to upgrade it to latest version.

————————————
If this helps, give a like below.
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-18-2020 01:22 AM

sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command| fit DensityFunction count by "device_name,command,user_name" into mymodel threashold=0.05 dist=norm

  1. user_name used in by clause is not available in results because you have not renamed values(user_name) as user_name. 
  2. I advice you to understand how to identify features for ML algorithms. right features are very important to get more accuracy.

https://en.wikipedia.org/wiki/Feature_engineering#:~:text=Feature%20engineering%20is%20the%20process....

https://towardsdatascience.com/feature-engineering-for-machine-learning-3a5e293a5114?gi=3ea8b5b00f7d

 

————————————
If this helps, give a like below.
Reply

Janani_Krish
Path Finder
‎09-20-2020 11:18 PM

Hello @thambisetty 

Yes I agree with your features part which will give us the fine ML model.

But before diving into data set tuning  I just wanted to check if it is giving any results as below,

sourcetype=files command="*cmd.exe*" earliest=-90d@d latest=-1d@d|stats count values(file_path) values(user_name) values(action) by device_name,command| fit DensityFunction count by "device_name,command" into mymodel

I have removed the user_name part mentioned earlier.But still I am facing the same error as below,

Error in 'fit' command: Error while initializing algorithm "DensityFunction": Algorithm "DensityFunction" cannot be loaded

Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...