I'm attempting to utilize a lookup to pass static strings to create 'stats' commands. The result is sent to the search but it's treated as a large string instead of the various  values/statistical operations that are part of the search. I'm wondering if there's a way to get Splunk to interpret the command as intended. ... View more

I'm attempting to add some new fields to leverage the Asset Extraction for our Notables. As of today, we have what appear to be the default values: src,dest,dvc,orig_host. From my experience, when src/dest are present in a search, the priority value is automatically assigned to the notable, and I believe that functionality is happening via this setting. I'm wanting to add the src_ip/dest_ip fields that are leveraged in most of our searches to obtain the priority value from our assets inventory. However, after running a test by adding dest_ip to the entries with a search with dest_ip populated, it didn't pull the priority value as expected. I'm wondering if there maybe a piece I'm missing that I should verify or if there may have been replication time I needed to account for. ... View more

I'm utilizing Principal Component Analysis (PCA) on a RandomForestRegressor model to process some of the text fields in my data, which results in a certain number of PCA fields (around 30, I would say). The model look good upon the initial `fit` from within the experiment window, so I saved the model and scheduled a training run to occur every morning. However, the scheduled training fails with a 'Usecols do not match columns, columns expected but not found' failure. It normally reports a handful of PC_* fields on the higher end of the range (like PC_27 - PC_31) not being found. The error appears to be related directly to the pandas python library but I don't have the capability to troubleshoot the code itself and hoping to resolve the issue via MLTK. Can anyone assist? ... View more