All Apps and Add-ons

Is there a generic eventgen that can be used for a MLT workshop?

hettervik
Builder

Hi folks,

We're going to do a Splunk Machine Learning Toolkit (MLT) workshop for some customers, and we're planning on creating a live environment for them to lab on. To do this we need an event generator that produces a variety of events so that several of the functions of the MLT can be tested with natural results. I've been looking for a Buttercup eventgen, but can't find any. Does anyone know if there exist a pre-configured Buttercup eventgen or similar that can be used for workshops like this?

Thanks.

0 Karma

woodcock
Esteemed Legend

This is the latest hotness in flexibility and appears to be the future of eventgens for Splunk:

https://github.com/coccyx/gogen

@coccyx is on Splunk slack, too.

0 Karma

hettervik
Builder

Great, thanks! I'll try it out. 🙂

0 Karma

compyy23
Explorer

Were you able to generate buttercup games data with gogen ?

0 Karma

hettervik
Builder

Unfortunately I never got to testing gogen. Let me know how it works out if you do. 🙂

0 Karma

niketn
Legend

Can you use Showcase examples that are built in to Machine Learning Toolkit?

For Realtime data I mostly use:
1) Splunk's internal index (which also has access logs)
2) Windows Server Performance Counters like CPU or Memory.

Can you use one of the above?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

hettervik
Builder

The showcases that are built into MLT includes some static lists, but no live data. I guess we could use these lists, or use internal data, but it would be more "real" if we where to use live data that's not internal. Examples could be traffic on web sites, sales, disk usage, performance, etc.

0 Karma

niketn
Legend

@hettervi, why dont you turn on CPU Collection (% Processor Time) on the Splunk Sandbox Server itself ( if it is Windows Server, or if you have Splunk License forward the same from a remote machine), as I have mentioned in scenario 2 above. That way you can show CPU Utilization. One of the hurdles that I see is that how would you get Historical Data to train?

You can also enable Event Viewer metrics collection on Windows Server and pass on System and/or Application logs and show prediction for Event Log Errors.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

niketn
Legend

Also if you consider Splunk app itself it monitors Splunk's usage through _internal sourcetype.

So considering Splunk as a web app, there can be several usecases with (i) sourcetype=splunkd_access or (ii) sourcetype=splunkd AND source=*metrics.log

http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Metricslog

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

hettervik
Builder

Thank you very much for the suggestions! I'll keep the question open some time loger. A Buttercup event generator would indeed be nice. 🙂

0 Karma

niketn
Legend

While you can try out these, do wait for others to respond though 😉 If an Event Generator for Buttercup game kind of data is available that would be great 🙂

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...