Is this a suitable use case for the Splunk Machine Learning Toolkit?

hmallett

Suppose I have two sets of data:

  • Workers, who have attributes such as location, pay grade, role, department, skills.
  • Roles, which have attributes such as location, pay grade, role, department.

If I also have a mapping of which workers have been assigned which roles in the past, including an attribute of whether the assignment was considered a success or a failure, could I use the past data to train a model and assign some predicted success/failure score to each possible worker/role combination?

Note that it wouldn't be necessary for a worker and role to have attributes which are exact matches, but I might expect a model to identify combinations which have been successful in the past (e.g. a worker was in the IT department, and was successfully matched with a role in the Security department), and learn from that.

I have looked at the documentation for the MLTK Showcase Examples and I'm not sure that any of the examples closely match what I would like to achieve.

Does this sound feasible?

Thanks.

Yolan

In general ML can do this, however the data you are describing is very discrete. For example, both Workers and Roles have a paygrade, but learning something about this can prove challenging for an ML algorithm. A new worker might not have the exact same paygrade as a previous worker, so creating a new feature which calculates the difference between the paygrade of the role and the worker is more beneficial. Worker/Role combinations with a higher paygrade difference might be more likely to succeed.

It is similar to how you would evaluate it yourself. Having features that are easily comparable to each other helps the algorithm learn.

I think what you want as an input is a worker/role combination including their attributes and maybe some extra feature like the one I mentioned. As output you should get a success/failure condition, possibly with a confidence value for how likely the answer is. That way you can train it using the same information.
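
The feature layout described in this thread, as an added example that is not part of either post and not Splunk's code: each past assignment becomes one row with a derived pay grade difference and a department-pair column, and the output is a success probability per worker/role combination. It uses a plain-Python logistic regression in place of an MLTK algorithm; the sample history, the field layout and the one-hot department-pair encoding are assumptions constructed for illustration.

```python
import math

# Constructed sample history (not from the thread):
# (worker_dept, worker_grade, role_dept, role_grade, success)
HISTORY = [
    ("IT", 3, "Security", 4, 1), ("IT", 4, "Security", 5, 1),
    ("IT", 2, "Security", 3, 1), ("IT", 5, "Security", 3, 0),
    ("Sales", 3, "Security", 4, 0), ("Sales", 2, "Security", 2, 0),
    ("Sales", 3, "Sales", 4, 1), ("Sales", 4, "Sales", 3, 0),
    ("IT", 3, "IT", 4, 1), ("IT", 4, "IT", 2, 0),
]

# One column per department pair seen in training, so the model can learn
# that e.g. IT -> Security worked before even though the values differ.
PAIRS = sorted({(w, r) for w, _, r, _, _ in HISTORY})

def features(worker_dept, worker_grade, role_dept, role_grade):
    """Bias, derived pay grade difference, one-hot department pair."""
    onehot = [1.0 if (worker_dept, role_dept) == p else 0.0 for p in PAIRS]
    # An unseen pair leaves the one-hot part all zero: only the bias and
    # the pay grade difference contribute to its score.
    return [1.0, float(role_grade - worker_grade)] + onehot

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(history, epochs=2000, lr=0.1):
    """Logistic regression fitted by batch gradient descent."""
    rows = [(features(*rec[:4]), rec[4]) for rec in history]
    weights = [0.0] * len(rows[0][0])
    for _ in range(epochs):
        grad = [0.0] * len(weights)
        for x, y in rows:
            err = y - sigmoid(sum(w * xi for w, xi in zip(weights, x)))
            for i, xi in enumerate(x):
                grad[i] += err * xi
        weights = [w + lr * g / len(rows) for w, g in zip(weights, grad)]
    return weights

def score(weights, worker_dept, worker_grade, role_dept, role_grade):
    """Predicted probability of success for one worker/role combination."""
    x = features(worker_dept, worker_grade, role_dept, role_grade)
    return sigmoid(sum(w * xi for w, xi in zip(weights, x)))

WEIGHTS = train(HISTORY)

if __name__ == "__main__":
    for cand in [("IT", 3, "Security", 4), ("Sales", 3, "Security", 4),
                 ("HR", 2, "Security", 3)]:
        print(cand, round(score(WEIGHTS, *cand), 2))
```

With real data, evaluate the scores on assignments held out from training, since ten constructed rows only show the mechanics.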
