Dashboards & Visualizations

How to create a predictive forecast for capacity consumption, then display in a Trellis dashboard, grouped by the value of one of the fields in the dataset

bulletprooffool
New Member

I have spent a few hours trying to solve this and viewing the forum, but no luck so far.

I have a single dataset containing a chunk of data.
I am trying to create a predictive forecast for capacity consumption - but I'd like to display this in a Trellis dashboard, grouped by the value of one of the fields in the dataset.
My data is quite consistent.

This is as close as I can get:

index="my_data" source="capacityStats" | timechart span=7d   max(machinesAllocatedPercentage) as Machines, max(storageGBAllocatedPercentage) as Storage, max(memoryGBAllocatedPercentage) as Memory | predict Machines, Storage, Memory

The problem is that this is a total average of ALL data and predictions, therefore.
My data maps to multiple capacity sources.
If I amend my query to:

index="my_data" source="capacityStats" | timechart span=7d   max(machinesAllocatedPercentage) as Machines, max(storageGBAllocatedPercentage) as Storage, max(memoryGBAllocatedPercentage) as Memory by CapacitySource

Then I can drill down and display my statistics using the Trellis feature, simply by Selecting 'CapacitySource' in the 'Split By' Option for the Trellis.
Seemingly, I am unable to do this in combination with the Predict analysis?

Does anyone know of a workaround?
Creating separate dashboards manually for each Capacity source won't suffice since I will occasionally get new ones, or lose old ones - and I need the dashboard to be self-maintaining.

I appreciate any help.

0 Karma

bulletprooffool
New Member

I am starting to think this is not possible...

0 Karma

to4kawa
Ultra Champion

Trellis needs stats/chart by just before.
after predict, you should aggregate.

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...