Dashboards & Visualizations

How to create a predictive forecast for capacity consumption, then display in a Trellis dashboard, grouped by the value of one of the fields in the dataset

bulletprooffool
New Member

I have spent a few hours trying to solve this and viewing the forum, but no luck so far.

I have a single dataset containing a chunk of data.
I am trying to create a predictive forecast for capacity consumption - but I'd like to display this in a Trellis dashboard, grouped by the value of one of the fields in the dataset.
My data is quite consistent.

This is as close as I can get:

index="my_data" source="capacityStats" | timechart span=7d   max(machinesAllocatedPercentage) as Machines, max(storageGBAllocatedPercentage) as Storage, max(memoryGBAllocatedPercentage) as Memory | predict Machines, Storage, Memory

The problem is that this is a total average of ALL data and predictions, therefore.
My data maps to multiple capacity sources.
If I amend my query to:

index="my_data" source="capacityStats" | timechart span=7d   max(machinesAllocatedPercentage) as Machines, max(storageGBAllocatedPercentage) as Storage, max(memoryGBAllocatedPercentage) as Memory by CapacitySource

Then I can drill down and display my statistics using the Trellis feature, simply by Selecting 'CapacitySource' in the 'Split By' Option for the Trellis.
Seemingly, I am unable to do this in combination with the Predict analysis?

Does anyone know of a workaround?
Creating separate dashboards manually for each Capacity source won't suffice since I will occasionally get new ones, or lose old ones - and I need the dashboard to be self-maintaining.

I appreciate any help.

0 Karma

bulletprooffool
New Member

I am starting to think this is not possible...

0 Karma

to4kawa
Ultra Champion

Trellis needs stats/chart by just before.
after predict, you should aggregate.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...