I am installing the DGA App for Splunk and all its other necessary packages on a Splunk 6.5.5 environment with the Machine Learning Toolkit freshly upgraded to 3.1.1, but am getting stuck on the setup process post-installation.
From the app I navigate to the dashboard '0. Setup', which gives a simple set of instructions to follow, but I am getting stuck on Step 8, which wants me to go to the third dashboard (Create Machine Learning Models). According to the steps I should be able to create machine learning models on that dashboard. However, once the panels load I see results in all but the bottom panel, "Cache results of model generation for next iteration". The panel has a message indicating it is waiting for input, but the page has nowhere for me to input anything. By looking at the search behind the panel I can see it looks like there is an open quote, but I am not sure if I am overlooking something specific to machine learning searches/commands.
Below is the search for the panel which is waiting for input:
| inputlookup dga_algos
| map search="| inputlookup dga_domains_features
| search partition_number=1
| apply \"$algo$\"
| \`confusionmatrix(class,\"predicted(class)\")\`
| eval Algorithm=\"$algo$\""
| outputlookup dga_model_results
Is there something major I am overlooking in the steps? Or has anyone else had any issues like this?
Full setup instructions from dashboard below: