Unleashing the Power of MLTK 5.5 for Scalable Anomaly Detection Mastery



Unveiling the Enhanced Scalable Anomaly Detection in Splunk

Explore Anomaly Detection with Splunk!

Who wouldn’t be excited about the potential of anomaly detection with Splunk? If you’re passionate about the intricacies of cyclical statistical forecasting and anomaly identification, you’ll find that this enthusiasm is shared by our team at Splunk! In this article, we will take you through the latest advancements in our Machine Learning Toolkit, including a newly scalable version of our most-loved algorithm.

Advanced Scalable Anomaly Detection

With the launch of Machine Learning Toolkit (MLTK) 5.5, we are excited to present an updated version of our highly requested anomaly detection algorithm: the DensityFunction algorithm. This algorithm gained remarkable attention following its release, as showcased in exceptional conference presentations, including a noteworthy one from StubHub. More recently, it has been successfully applied in monitoring data ingestion channels into Splunk and in Know Your Customer (KYC) activities.

Despite its popularity, we continually received feedback about its performance on larger datasets. In response, the latest release includes a redesigned, scalable version of the algorithm that runs an impressive 8-9 times faster than the previous version!

How to Implement It?

Starting with this feature is incredibly easy! You can apply it directly in your searches by using the new supervise_split_by option and setting it to true, as demonstrated in the search example below. Alternatively, you may also access it through the Smart Outlier Detection Assistant, as shown in the provided screenshot.

... | fit DensityFunction count by "app,day_of_week" supervise_split_by=true ...
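As an added example (not from the original post or Splunk's own documentation), here is how the scaled algorithm fits into the ingestion-monitoring use case mentioned above: one scheduled search trains a model on hourly event counts per sourcetype and weekday, and a second search applies it to the latest hour and surfaces the outliers for triage. The index name app_logs and the model name ingest_volume_model are assumptions; the DensityFunction options other than supervise_split_by are standard MLTK parameters.

```spl
| tstats count where index=app_logs earliest=-30d@d latest=@h by _time span=1h sourcetype
| rename sourcetype AS app
| eval day_of_week=strftime(_time, "%a")
| fit DensityFunction count by "app,day_of_week" supervise_split_by=true dist=auto threshold=0.005 into ingest_volume_model

| tstats count where index=app_logs earliest=-1h@h latest=@h by _time span=1h sourcetype
| rename sourcetype AS app
| eval day_of_week=strftime(_time, "%a")
| apply ingest_volume_model threshold=0.005
| where 'IsOutlier(count)'=1
| table _time app day_of_week count ProbabilityDensity(count) BoundaryRanges
```

Sourcetypes with only a handful of hourly samples in the training window will be fitted on very little data, so start with a long window and compare the outlier rate per app before lowering the threshold.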

For those interested in further exploring how this improved functionality works and understanding the upgrades we’ve made to the algorithm, be sure to read this lantern article or watch this informative video.

Where to Begin?

Your initial step is to download MLTK 5.5 and start experimenting with this innovative approach! If you’re seeking inspiration for potential applications, don’t miss our AI and ML-enhanced security use cases or check out our introductory guide: Splunk AI for Observability.

Looking forward, we are thrilled to share that MLTK is exploring integration with LLMs, enabling you to utilize your own LLM within a Splunk search. If you’re interested in discovering more—or eager to give it a try—head over to the preview portal to register!

Happy Splunking!

