All Apps and Add-ons

How to predict from time series values for Multiple fields? (Machine Learning Toolkit)

index=deg host=host sourcetype=source source=logpath Name=* Pages=* Schema=* 
| eval SizeInMB = ((Pages * 4 * 1024)/1048576)
| eval Maximum = max(SizeInMB)
| sort -Maximum
| where Maximum > 25000
| timechart span=1hr max(Maximum) by Name
| rename Maximum as "MBSize"
| Predict Name 1

This is my search query that produces a time series of data points (every hour) for Megabyte Size of around 10 tables names.

Name 1 Name 2 Name 3 Name 4 ...
01:00 MBsize MBsize MBsize MBsize
02:00 MBsize MBsize MBsize MBsize
03:00 MBsize MBsize MBsize MBsize
04:00 MBsize MBsize MBsize MBsize

My Question is...How do I predict the MBsize for lets say 2 months in the future for each table name based on the gathered previous data points for each table?

I understand how this can be done forecasted for 1 Table Name by specifying | Predict Name 1 Name 2 Name 3 etc.. but I don't know how to pass in all the table names in as a list to handle predicting Multiple tables names based on their past data points.
I cannot hardcode the Name 1 Name 2 Name 3...etc because they may be different based on the table names i retrieve through the search.

0 Karma
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...