Will the Machine Learning Toolkit analyze data for hosts running a universal forwarder?

mikemohawk
Explorer

I have a POC with a Linux, AIX and 2 Windows hosts running forwarders. The Splunk Web server is a RHEL 7.4 host and is the Search Head and Indexer. I have loaded the Machine Learning Toolkit on it. If I want to analyze data from the forwarded hosts, do I need to install anything on them, or should it be able to analyze them?

Thanks

0 Karma
1 Solution

kmorris_splunk
Splunk Employee

No, there is nothing required on the forwarders to use the Machine Learning Toolkit. The toolkit allows you to build models which you apply to the data you have ingested into Splunk. You will need the Python for Scientific Computing Add-on installed on the Search Head, however.

Requirements

You must install the Python for Scientific Computing Add-on before installing the Machine Learning Toolkit. Please download and install the appropriate version here:

Mac: https://splunkbase.splunk.com/app/2881/

Linux 64-bit: https://splunkbase.splunk.com/app/2882/

Linux 32-bit: https://splunkbase.splunk.com/app/2884/

Windows 64-bit: https://splunkbase.splunk.com/app/2883/

0 Karma

mikemohawk
Explorer

Thank you, that's exactly what I was looking to hear, Kevin. I have installed Python.

0 Karma

Sukisen1981
Champion

Hmmm, are you getting some error? I have in the past tried to do something similar; basically I used Cisco VPN logs forwarded to a Splunk instance and ran some ML on it.
What I found out was not that I was having issues with the ML toolkit, but there were some issues with the forwarder.
I guess what I am trying to say is - if your Splunk is able to index the forwarded data, ML will work absolutely fine.
In case you receive some specific errors from the ML part only, can you kindly re-post the same here?

0 Karma