Installing the Machine Learning Toolkit
The Splunk Machine Learning Toolkit extends Splunk with additional search commands, visualizations, assistants, and examples to assist in developing and working with machine learning concepts. Machine learning tools and processes can be applied to your Splunk data to assist in predictive analytics, trending, anomaly detection, and outlier detection.
This recipe will show you how to install the Machine Learning Toolkit and the necessary prerequisites, which will be used in Chapter 6, Diving Deeper – Advanced Searching, Machine Learning, and Predictive Analytics.
Note
For more information on the Machine Learning Toolkit, check out https://docs.splunk.com/Documentation/MLApp/latest/User/About.
Getting ready
To step through this recipe, you will need a running Splunk server with the operational intelligence sample data loaded. No other prerequisites are required.
How to do it...
Follow these steps to define an event type and associated tag:
- Log in to your Splunk server.
- From the
Appsmenu in the upper left-hand corner of the home screen, click on the gear icon. - The
Apps settingspage will load. Then, click on theBrowse More Appsbutton. - In the search field, enter
Scientific Computingand press enter. - The search results will return multiple Python for Scientific Computing apps — one for each different supported operating system (Windows and Linux 32-bit or 64-bit). In the search results, click on the
Installbutton for the app that matches the correct operating system you have Splunk installed on:
- Enter your
splunk.comcredentials, check the checkbox to accept the terms and conditions, and click onLogin and Install. Splunk should return with a message saying that the app was installed successfully. - If prompted to restart Splunk, click the
Restart laterbutton. - In the search field, enter
Machine Learningand press enter. - In the search results, click on the
Installbutton forSplunk Machine Learning Toolkit:
- Enter your Splunk.com credentials, check the checkbox to accept the terms and conditions, and click on
Login and Install. Splunk should return with a message saying that the app was installed successfully. - After the app has installed, click the Restart Splunk button. After Splunk restarts, log back in to Splunk. You should then, in the Apps launcher, see the Machine Learning Toolkit installed, as shown in the following screenshot:
How it works...
The Machine Learning Toolkit (MLTK) app is the main Splunk app that contains all the necessary knowledge objects and user interfaces that make working with machine learning possible. On its own, that would be enough to provide some basic functionality. However, to take advantage of more advanced machine learning concepts, Splunk needs to take advantage of additional Python libraries.
The Python for Scientific Computing add-on contains a Python interpreter bundled with the numpy, scipy, pandas, scikit-learn, and statsmodels libraries. These libraries are platform-specific, which is why the correct version must be installed.
The Machine Learning Toolkit also provides the ability to customize and extend the application with your own custom models and algorithms, which makes it a very powerful platform.
With the MLTK installed, you are now ready for Chapter 6, Diving Deeper - Advanced Searching, Machine Learning and Predictive Analytics.
