MLTK deep dives overview

The Splunk Machine Learning Toolkit (MLTK) lets you create, validate, manage, and operationalize machine learning models through a guided user interface. If you're unsure where to get started with MLTK, you can use this series of deep dives to get walk-throughs of implementing the machine learning (ML) search commands that ship with MLTK for specific ML goals.

You can follow each deep dive from start to finish and implement the same operational outcomes in your own Splunk platform environment. Each deep dive consists of some example data sources, sample SPL code, and instructions for implementing the analytic.

Note: You might need to tune or modify these examples to work properly on your data. SPL knowledge is valuable when trying to implement these deep dives in your own environment.

What makes ML different from other analytics in Splunk products?

Most analytics in the Splunk platform revolve around hard-to-find types of searches, where you are trying to spot a particular event or set of events that make up something of interest. For example, looking for memory errors on a server, or looking for a user running a process that is known to be malicious.

These types of analytics can usually be implemented with a single SPL search, whereas with ML you almost always need to run two searches: one to train a model, using the fit command, and one to apply a model, using the apply command.

The fit command is similar to the outputlookup command, and the apply command is similar to the lookup command. The apply stage is usually analogous to the hard-to-find detection search, but the training of models can seem unusual if you are new to machine learning. To learn more about how the fit and apply commands behave, see About the fit and apply commands.
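As an added example (not from this page or any specific deep dive), the two-search pattern described above applied to the memory-error scenario: the first search is the training search, which builds a per-host baseline of hourly memory-error counts with fit and saves it into a model, playing the outputlookup role; the second is the scheduled detection search, which applies that model to the latest hour and keeps only the outliers, playing the lookup role. The index, sourcetype, search string, model name, and the DensityFunction threshold are assumptions to be tuned for your environment.

```spl
index=os sourcetype=linux_messages_syslog "memory error" earliest=-30d@d
| bin _time span=1h
| stats count by _time host
| fit DensityFunction count by host dist=auto threshold=0.01 into memory_error_baseline

index=os sourcetype=linux_messages_syslog "memory error" earliest=-1h@h latest=@h
| bin _time span=1h
| stats count by _time host
| apply memory_error_baseline
| where 'IsOutlier(count)'=1
| table _time host count BoundaryRanges
```

Schedule the first search infrequently (for example weekly) so the baseline is retrained as hosts change, and the second at the same cadence as the time bucket it inspects; a host whose hourly count falls outside its learned density is returned with the BoundaryRanges field showing the range it violated.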

Available deep dives

See also