Splunk Machine Learning Toolkit REST endpoints
The Splunk platform REST API gives you access to the same information and functionality available to core system software and Splunk Web. You can access the Splunk REST endpoints through both the services endpoint and the servicesNS endpoint.
The services endpoint allows for access to a resource in a general manner, without assigning any context or a namespace. The servicesNS endpoint allows for the addition of some context and a namespace when accessing the resource.
servicesNS endpoint.For more information see the Endpoints reference list in the Splunk Enterprise REST API Reference Manual and Access requirements and limitations for the Splunk Cloud Platform REST API in the Splunk Cloud Platform REST API Tutorials manual.
REST endpoints for ONNX models
ONNX is a model format specifically designed for facilitating the seamless exchange and sharing of models across different machine learning and deep learning frameworks such as sklearn, pytorch, and tensorflow.
The Splunk Machine Learning Toolkit (MLTK) provides the option to upload pre-trained ONNX models for inferencing in MLTK. You can train models in your preferred third-party environment, save the model in the .ONNX file format, upload the model file to MLTK, and then retrieve and inference that model in MLTK.
output_mode to json.REST endpoint paths use the admin route or user route. If a particular user wants to access these endpoints, they must put their username in place of admin, even if the authentication password is the user's.
You can use the REST endpoints offered by the Splunk platform through the Splunk daemon port, which by default is port 8089. You can also use localhost.
For single cloud instances, you can use the virtual machine (VM) IP in place of localhost.  In the event there is a Search Head Cluster you can use the main Deployment Server IP.
REST endpoints are available for the following ONNX model operations:
- Uploading a new ONNX model or overwriting the existing, already uploaded model.
- Listing existing, already uploaded ONNX models.
- Deleting an existing, already uploaded ONNX model.
Authentication
Authentication is required to access the REST endpoints. You can authenticate in the following ways:
- Basic authentication: User has basic authentication through their Splunk platform username and password
- Bearer authentication: User has authentication through a token. A token for a user can be generated by the admin and can be used by the intended user through the REST API. To learn more see Create authentication tokens in the Securing Splunk Enterprise manual.
Upload endpoint
You can use the REST endpoints offered by the Splunk platform through the Splunk daemon port, which by default is port 8089. For the example provided the Splunk instance is running on localhost.
Make sure you have the capabilities for ONNX model uploads turned on for the user, or else the endpoint will throw an error.
| Request type | Endpoint URL | Example | 
|---|---|---|
| POST |  | If the admin wants to upload an ONNX model under their namespace the URL will be as follows:  | 
Payload
The upload endpoint is the content type of multipart/form-data. See the following table for more information: 
| field name | Description | 
|---|---|
| model_name | The name you want to assign to this model. The model will appear on the Models tab of MLTK with the same name. Consequently, a lookup file is stored under the lookups section with the name format of __mlspl_{model_name}.onnx.mlmodel. | 
| features | The comma-separated list of feature names that will be fed to the ONNX model during inference. Make sure the comma-separated feature names match what shows in the UI. No validation check is performed. | 
| targets | The comma-separated list of target names that will be assigned as column names to the predictions made by the ONNX model. Make sure the comma-separated feature names match what shows in the UI. No validation check is performed. | 
| file | The model file with an extension of .ONNX. Model files without a .ONNX file extension cause an error. | 
List models endpoint
You can use the REST endpoints offered by the Splunk platform through the Splunk daemon port, which by default is port 8089. For the example provided the Splunk instance is running on localhost.
This endpoint gives a list of all ML models, including models that you have created through experiments and created manually. You can filter out the ONNX entries as those models have the extension of onnx.mlmodel.
| Request type | Endpoint URL | Example | 
|---|---|---|
| GET |  | If the admin wants to upload an ONNX model under their namespace the URL will be as follows:  | 
Delete model endpoint
You can use the REST endpoints offered by the Splunk platform through the Splunk daemon port, which by default is port 8089. For the example provided the Splunk instance is running on localhost.
If the file is not owned by the user accessing it, the REST endpoint will throw an error. If the file you are trying to delete does not exist, the REST endpoint will throw an error.
list_models endpoint.| Request type | Endpoint URL | Example | 
|---|---|---|
| DELETE |  | If the admin wants to delete an ONNX model with the name mlspl_testing.onnx.mlmodelunder their namespace, the URL will be as follows: |