All Apps and Add-ons

What is the best upgrade path for Machine Learning Toolkit in a distributed deployment?

kcnolan13
Communicator

Let's say you have a few search heads and ten or so indexers all running Splunk 6.2, and you want to upgrade your environment in the least intrusive way so you can use the Machine Learning Toolkit.

First off, is the Machine Learning Toolkit (and underlying Python for Scientific Computing add-on) only compatible with Splunk 6.5 and up? Or can it work on 6.4 as well? And more importantly, does it come built-in with Splunk 6.5 or does it (and the scientific computing add-on) still have to be installed by hand after upgrading to 6.5? If so, is there a good way to automate that process?

Overall, what is the safest and most efficient approach for upgrading this kind of environment to leverage the new functionality? What kinds of hitches would you be likely to encounter?

0 Karma

hjauch_splunk
Splunk Employee
Splunk Employee

The Machine Learning Toolkit requires Splunk Enterprise 6.4 or later. The MLTK and PSC are separate apps that have to be installed in addition to Splunk Enterprise.

Refer to installation instructions here: http://docs.splunk.com/Documentation/MLApp/2.0.1/User/Installandconfigure

The installation instructions referenced above also cover distributed deployments.

0 Karma

kcnolan13
Communicator

Thanks! Regarding the last portion of the question, I'd like to know what the most common way to deploy these apps is in an environment with several search heads and many more indexers (not a "cluster", but yes a distributed search environment). I've heard a bit about automated app deployment, but I'm not sure how commonly it's really used and if it works in an environment where your indexers are not formally "clustered", but are participating in distributed searches.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...