Ok so the following code correctly joins my lookup table to my search in the search app:
index = sso | lookup Students_Fall_2018.csv USER as user OUTPUT
And this next line of code allows me to use the Machine Learning Toolkit Predict Categorical Fields Classic Assistant in the MLTK app to predict the "withdrawn" column that is in the lookup table but only using fields to use for predicting that are also located in the same lookup table, obviously.
| inputlookup Students_Fall_2018.csv
So theoretically I should be able to run the first line in the MLTK app to run a logic regression or another algorithm to predict the "withdrawn" field that is in the lookup table, but only now I should be able to use fields that are inside my events retrieved from my search (such as source or url etc.) instead of only being able to predict using fields that are only in the lookup table. But I cannot, the process runs, completes, returns events or whatnot just like it should but then when its time to select the field I want to predict, it is greyed out and will not allow me to select it. Ultimately I am trying to predict if a customer is likely to withdraw based on what company sites/pages/services the customer visits and how often they visit etc. using the url and other information that is contained in the resulting info in the events retrieved from the adjoining search. I don't need Splunk to predict based on information only in my lookup table, as I have been doing this already using R or SPSS or any other stats tool. Where Splunk differs from these other tools is the ability to analyze the customer's online behavior, if I could just figure out how. Thanks fro your help!
... View more