All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to predict occurrence of a particular error string?

soumyasaha25
Contributor
‎01-30-2018 03:55 AM

I have a bunch of error strings which i am currently using to generate dashboards such as

of error strings matches per server

of all error string matches, etc

I have the list of error strings in a lookup file on which i am running my query to query the data in Splunk for the occurrence counts of the error strings

I am looking at a feasibility to use MLTK to predict the probability of occurrence of each error strings in the future.
Any help or suggestions on this regard would be helpful, i already have MLTK setup in my environment

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aoliner_splunk
Splunk Employee
Splunk Employee
‎01-30-2018 02:41 PM

Without knowing more about the data, I'd suggest two directions for investigation:

  1. If you expect the number of past occurrences of an error to be a good predictor of future occurrences, try using the Forecast Time Series assistant. For example, web server traffic from one day to the next may be fairly predictable on an hour-to-hour basis, so perhaps the number of errors is, as well.
  2. If you expect environmental factors like free disk space or CPU utilization to play a role in the occurrence of the errors, try using the Predict Numeric Fields assistant to build a model that takes those factors, now, and tries to predict the number of errors in, say, an hour.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aoliner_splunk
Splunk Employee
Splunk Employee
‎01-30-2018 02:41 PM

Without knowing more about the data, I'd suggest two directions for investigation:

  1. If you expect the number of past occurrences of an error to be a good predictor of future occurrences, try using the Forecast Time Series assistant. For example, web server traffic from one day to the next may be fairly predictable on an hour-to-hour basis, so perhaps the number of errors is, as well.
  2. If you expect environmental factors like free disk space or CPU utilization to play a role in the occurrence of the errors, try using the Predict Numeric Fields assistant to build a model that takes those factors, now, and tries to predict the number of errors in, say, an hour.
0 Karma
Reply
Solved! Jump to solution

soumyasaha25
Contributor
‎01-31-2018 05:04 AM

thank you for your suggestions, i figured it on how to create the forecasting model (created one as well). i have saved the dashboard as well, but could not figure out where the dashboards are. I did not find any "Dashboards" tab in the MLTK app.
looked into the Scheduled jobs tab, but could not find any dashboard in it. the only way i am able to view it is when i add a new panel to the existing dashboard and then click on "View Dashboard"

isnt there a tab in MLTK where i can see the list of all dashboard, or is it some permission issue. (i had tried to modify the permission of the dashboard and given read permission to all in the app, still cant view it)

0 Karma
Reply
Solved! Jump to solution

aoliner_splunk
Splunk Employee
Splunk Employee
‎01-31-2018 09:11 AM

The easiest way, if you know the name of the dashboard, is to use the "Find" field in the top right corner. Type in the title of the dashboard and it'll pop up. Alternatively, you can make the dashboard visible to all apps and access via the Dashboards tab in the Search and Reporting app.

0 Karma
Reply
Solved! Jump to solution

skoelpin
SplunkTrust
SplunkTrust
‎01-30-2018 07:38 AM

The MLTK will work if there is a pattern of these words in the past occurring or if there are fields which can indicate these error strings will occur.

Have you looked into this?

0 Karma
Reply
Solved! Jump to solution

soumyasaha25
Contributor
‎01-30-2018 11:25 PM

you mean to say there should be some field for each of these error strings, so splunk can predict that the corresponding error string will occur only when field occurs.
is not not possible to have a predictive future occurrence count for each of these error strings (keep in mind these error strings are not individual fields, they are populated via a lookup file) without having a separate field for each one.
my requirement is if today the count for error string "ABCD" is 58 then i need to predict the occurrence count of the error string "ABCD" after 1 month and draw a trendline based on it.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...