[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:01.04,0:00:03.28,Default,,0000,0000,0000,,Hi there. My name is Greg Ainslie-Malik,
Dialogue: 0,0:00:03.28,0:00:05.04,Default,,0000,0000,0000,,and I'd like to take you on a really
Dialogue: 0,0:00:05.04,0:00:06.32,Default,,0000,0000,0000,,brief tour
Dialogue: 0,0:00:06.32,0:00:08.32,Default,,0000,0000,0000,,through Splunk's machine learning
Dialogue: 0,0:00:08.32,0:00:10.16,Default,,0000,0000,0000,,toolkit.
Dialogue: 0,0:00:10.16,0:00:14.24,Default,,0000,0000,0000,,Originally developed for what Gartner
Dialogue: 0,0:00:14.24,0:00:17.28,Default,,0000,0000,0000,,termed citizen data scientists,
Dialogue: 0,0:00:17.28,0:00:19.52,Default,,0000,0000,0000,,the machine learning toolkit presents a
Dialogue: 0,0:00:19.52,0:00:20.72,Default,,0000,0000,0000,,whole host of
Dialogue: 0,0:00:20.72,0:00:24.24,Default,,0000,0000,0000,,features for customers
Dialogue: 0,0:00:24.24,0:00:26.80,Default,,0000,0000,0000,,mostly focused around assistants and
Dialogue: 0,0:00:26.80,0:00:27.84,Default,,0000,0000,0000,,experiments
Dialogue: 0,0:00:27.84,0:00:29.52,Default,,0000,0000,0000,,to help users who aren't familiar with
Dialogue: 0,0:00:29.52,0:00:31.36,Default,,0000,0000,0000,,data science
Dialogue: 0,0:00:31.36,0:00:34.00,Default,,0000,0000,0000,,train and test machine learning models
Dialogue: 0,0:00:34.00,0:00:36.64,Default,,0000,0000,0000,,and deploy them into production.
Dialogue: 0,0:00:36.64,0:00:38.88,Default,,0000,0000,0000,,And most of these assistants present as
Dialogue: 0,0:00:38.88,0:00:41.60,Default,,0000,0000,0000,,kind of guided interfaces where you can
Dialogue: 0,0:00:41.60,0:00:44.00,Default,,0000,0000,0000,,input some SPL, something that our users
Dialogue: 0,0:00:44.00,0:00:46.00,Default,,0000,0000,0000,,are very familiar with,
Dialogue: 0,0:00:46.00,0:00:47.76,Default,,0000,0000,0000,,select some algorithms, do some
Dialogue: 0,0:00:47.76,0:00:49.20,Default,,0000,0000,0000,,pre-processing,
Dialogue: 0,0:00:49.20,0:00:50.88,Default,,0000,0000,0000,,things that our users are less familiar
Dialogue: 0,0:00:50.88,0:00:53.84,Default,,0000,0000,0000,,with, and then view a set of dashboards, a
Dialogue: 0,0:00:53.84,0:00:56.00,Default,,0000,0000,0000,,set of reports that tell them about
Dialogue: 0,0:00:56.00,0:00:59.84,Default,,0000,0000,0000,,their model's performance.
Dialogue: 0,0:01:00.00,0:01:03.36,Default,,0000,0000,0000,,However, what we see from the telemetry
Dialogue: 0,0:01:03.36,0:01:06.24,Default,,0000,0000,0000,,is that these experiments are generally
Dialogue: 0,0:01:06.24,0:01:09.44,Default,,0000,0000,0000,,used as almost like pseudo training to help
Dialogue: 0,0:01:09.44,0:01:13.68,Default,,0000,0000,0000,,users familiarize themselves with MLTK, but of
Dialogue: 0,0:01:13.68,0:01:15.84,Default,,0000,0000,0000,,the monthly active users,
Dialogue: 0,0:01:15.84,0:01:19.68,Default,,0000,0000,0000,,actually more than 95% of them run
Dialogue: 0,0:01:19.68,0:01:22.40,Default,,0000,0000,0000,,MLTK searches straight from the search
Dialogue: 0,0:01:22.40,0:01:23.44,Default,,0000,0000,0000,,bar.
Dialogue: 0,0:01:23.44,0:01:25.84,Default,,0000,0000,0000,,So here you can see an example of that
Dialogue: 0,0:01:25.84,0:01:27.60,Default,,0000,0000,0000,,where we're using the fit command
Dialogue: 0,0:01:27.60,0:01:30.80,Default,,0000,0000,0000,,that ships with MLTK to apply an anomaly
Dialogue: 0,0:01:30.80,0:01:32.88,Default,,0000,0000,0000,,detection search.
Dialogue: 0,0:01:32.88,0:01:34.72,Default,,0000,0000,0000,,And you can see that this is actually
Dialogue: 0,0:01:34.72,0:01:37.12,Default,,0000,0000,0000,,just two lines of SPL.
Dialogue: 0,0:01:37.12,0:01:40.00,Default,,0000,0000,0000,,So for our NOC and SOC personas, those
Dialogue: 0,0:01:40.00,0:01:41.44,Default,,0000,0000,0000,,who are very familiar to us
Dialogue: 0,0:01:41.44,0:01:44.72,Default,,0000,0000,0000,,at Splunk, this is quite a simple thing
Dialogue: 0,0:01:44.72,0:01:47.04,Default,,0000,0000,0000,,to do.
Dialogue: 0,0:01:47.28,0:01:50.16,Default,,0000,0000,0000,,Now, while the search bar and the
Dialogue: 0,0:01:50.16,0:01:52.40,Default,,0000,0000,0000,,experiments can help our users develop
Dialogue: 0,0:01:52.40,0:01:53.52,Default,,0000,0000,0000,,and deploy
Dialogue: 0,0:01:53.52,0:01:55.44,Default,,0000,0000,0000,,simple techniques like this for finding
Dialogue: 0,0:01:55.44,0:01:58.40,Default,,0000,0000,0000,,anomalies or making predictions,
Dialogue: 0,0:01:58.40,0:02:01.36,Default,,0000,0000,0000,,what we're starting to see is a trend
Dialogue: 0,0:02:01.36,0:02:02.08,Default,,0000,0000,0000,,towards
Dialogue: 0,0:02:02.08,0:02:04.48,Default,,0000,0000,0000,,use case focused workflows. Here we have
Dialogue: 0,0:02:04.48,0:02:07.67,Default,,0000,0000,0000,,one for ITSI
Dialogue: 0,0:02:07.67,0:02:08.56,Default,,0000,0000,0000,,where
Dialogue: 0,0:02:08.56,0:02:10.40,Default,,0000,0000,0000,,more complex techniques can be run
Dialogue: 0,0:02:10.40,0:02:11.84,Default,,0000,0000,0000,,against data without
Dialogue: 0,0:02:11.84,0:02:14.32,Default,,0000,0000,0000,,having to see the details of the ML
Dialogue: 0,0:02:14.32,0:02:15.76,Default,,0000,0000,0000,,that's being applied at all.
Dialogue: 0,0:02:15.76,0:02:17.84,Default,,0000,0000,0000,,So here we have a list of episodes,
Dialogue: 0,0:02:17.84,0:02:20.24,Default,,0000,0000,0000,,incidents in ITSI.
Dialogue: 0,0:02:20.24,0:02:24.00,Default,,0000,0000,0000,,Where I'm clicking on an incident, some-
Dialogue: 0,0:02:24.00,0:02:26.16,Default,,0000,0000,0000,,a technique called causal inference gets
Dialogue: 0,0:02:26.16,0:02:27.36,Default,,0000,0000,0000,,run in the background
Dialogue: 0,0:02:27.36,0:02:29.36,Default,,0000,0000,0000,,to determine the root cause of that
Dialogue: 0,0:02:29.36,0:02:31.04,Default,,0000,0000,0000,,incident, and you can see here a graph
Dialogue: 0,0:02:31.04,0:02:33.04,Default,,0000,0000,0000,,structure that has mapped out
Dialogue: 0,0:02:33.04,0:02:36.08,Default,,0000,0000,0000,,those root cause relationships, and up
Dialogue: 0,0:02:36.08,0:02:38.08,Default,,0000,0000,0000,,here you can see a table where
Dialogue: 0,0:02:38.08,0:02:40.40,Default,,0000,0000,0000,,for the service that was impacted by the
Dialogue: 0,0:02:40.40,0:02:41.20,Default,,0000,0000,0000,,incident,
Dialogue: 0,0:02:41.20,0:02:43.20,Default,,0000,0000,0000,,here are all the KPIs that are affected
Dialogue: 0,0:02:43.20,0:02:45.12,Default,,0000,0000,0000,,it. And I'm clicking in this,
Dialogue: 0,0:02:45.12,0:02:48.32,Default,,0000,0000,0000,,we can quickly drill down and see what
Dialogue: 0,0:02:48.32,0:02:50.72,Default,,0000,0000,0000,,the raw data looked like,
Dialogue: 0,0:02:50.72,0:02:52.40,Default,,0000,0000,0000,,and I could draw the conclusion that
Dialogue: 0,0:02:52.40,0:02:54.72,Default,,0000,0000,0000,,perhaps it was disk space used
Dialogue: 0,0:02:54.72,0:02:57.12,Default,,0000,0000,0000,,that was the reason behind this incident
Dialogue: 0,0:02:57.12,0:03:01.84,Default,,0000,0000,0000,,in this case.