Install the Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning integrates advanced custom machine learning and deep learning systems with the Splunk platform. Use the following directions to install the Splunk App for Data Science and Deep Learning.
Version dependencies
The Splunk App for Data Science and Deep Learning (DSDL) relies on the Splunk Machine Learning Toolkit (MLTK) app. See the following table to ensure you are running compatible versions of the apps:
| DSDL version | MLTK app version | PSC add-on version | Python version | Splunk platform version |
|---|---|---|---|---|
| 5.0.0 | 5.4.0 | 3.1.0 or 4.1.0 | 3 | Splunk Enterprise 8.1.x, 8.2.x, 9.0.0, or 9.0.1 or Splunk Cloud Platform |
| 5.0.0 | 5.3.3 | 3.0.2, 3.1.0, 4.0.0, or 4.1.0 | 3 | Splunk Enterprise 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.3.1 | 3.0.0, 3.0.1, or 3.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.3.0 | 3.0.0, 3.0.1, or 3.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, 8.2.x, or 9.0.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.2 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.1 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.2.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x, 8.1.x, or 8.2.0 or Splunk Cloud Platform |
| 5.0.0 | 5.1.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x or 8.1.x or Splunk Cloud Platform |
| 5.0.0 | 5.0.0 | 2.0.0, 2.0.1, or 2.0.2 | 3 | Splunk Enterprise 8.0.x or 8.1.x or Splunk Cloud Platform |
Where to install the Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning works both on-premises and on Splunk Cloud Platform. You must provide additional security and configurations such as IP address and port allow listing through ACS for Splunk Cloud Platform. For distributed Splunk Enterprise deployments, install DSDL on the search head or search head cluster. You don't need to install DSDL on indexers.
The two typical scenarios for setting up DSDL are single-instance and side-by-side:
- Single-instance runs the containers on the same instance as the Splunk search head. This setup is useful for local development purposes or for small to medium sized production environments.
- Side-by-side is typically used for production environments where the search head connects to a dedicated Kubernetes cluster or dedicated Docker host.
Install the Splunk App for Data Science and Deep Learning
App installation includes some pre-requisites and installation steps.
Prerequisites
You must complete the following prerequisites to successfully run the Splunk App for Data Science and Deep Learning:
- Splunk Enterprise 8.1.x or higher, or Splunk Cloud Platform.
- Install the Splunk Machine Learning Toolkit (MLTK) app.
- Set the Machine Learning Toolkit app permissions to Global so that knowledge objects are shared.
- Install the Python for Scientific Computing (PSC) add-on.
- A Docker, Kubernetes, or OpenShift environment.
- An internet connection is required to pull the prebuilt Docker container images from the public Docker hub repository.
- If you use Docker in an air-gapped environment, see Configure the Splunk App for Data Science and Deep Learning.
Steps
Follow these steps to install the Splunk App for Data Science and Deep Learning:
- Download and install the Splunk App for Data Science and Deep Learning from Splunkbase.
- Install the Splunk App for Data Science and Deep Learning from the Manage Apps tab. In Splunk Web, select the Manage Apps icon next to Apps in the left navigation bar.
- On the Apps page, select Install app from file.
- Select Choose File to navigate to and select the package file for the Splunk App for Data Science and Deep Learning. Then click Open.
- Select Upload.
- Restart your Splunk instance after installing the Splunk App for Data Science and Deep Learning.
- Ensure your internet connected Docker, Kubernetes, or Openshift environment is accessible with permissions to pull the prebuilt MLTK container images and start containers.
- Set up the Splunk App for Data Science and Deep Learning by connecting it to your environment using the Configuration > Setup page of the app.
- Test the connection and save the configuration.
- Start a development container from the Containers tab of the app.
CAUTION: Data is sent from a Splunk search head to containers using HTTPS for the endpoint URL. A self-signed certificate is provided with the app which works with the prebuilt images. For further security requirements talk to your system administrators about the set up of the app and your Docker, Kubernetes, or OpenShift environment.
- Depending on your selected image (Golden Image CPU or GPU), run one of the following examples from the Examples tab to verify that the Splunk App for Data Science and Deep Learning is working:
- Neural Network Classifier Example for Tensorflow
- Logistic Regression Classifier Example for PyTorch