Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Prediction Function Algorithms Questions

lfetky
New Member
‎07-17-2013 09:11 AM

I'm currently trying to translate Splunk functions into SAS, and was hoping for some clarification on the prediction function.

  1. Are the algorithms Splunk uses for the prediction models proprietary? If not, is there any further documentation/explanation concerning the predict function algorithms Splunk uses? We are hoping to replicate the predict function analysis from Splunk in SAS, and want to be sure we fully understand the step-by-step calculations Splunk uses as we do so.
    1. How do we interpret the following prediction algorithms: LL, LLP, LLT, LLB?
    2. How do we interpret the lower 95 and upper 95 (prediction count)?
    3. Can you please give us a real-world example where “malware” fell above or below the predicted value’s confidence interval based on the dataset used and the time series model utilized?

Thanks!

0 Karma
Reply

nnguyen_splunk
Splunk Employee
Splunk Employee
‎07-19-2013 04:20 PM
  1. All the algorithms are based on the Kalman filter which is not proprietary. However, some of the variations we come up with are proprietary. Explanation of the Kalman filter can be found in the outside literature. One of the books I found useful while implementing the predict command is "An Introduction to State Space Time Series Analysis" by Commandeur-Koopman.
  2. Local Level (LL): this a univariate model with no trends and no seasonaility. Seasonal Local Level (LLP): this is a univariate model with seasonality. The periodicity of the time series is automatically computed. Local Level Trend (LLT): this is a univariate model with trend but no seasonality. Bivariate Local Level (LLB): this is a bivariate model with no trends and no seasonality.
    1. The lower 95 and upper 95 specifies a confidence interval in which we expect 95% of the predictions to fall.
    2. Most of the time SOME of the predictions will fall outside the confidence interval. That is normal because 1. the confidence interval does not cover 100% of the predictions and 2. the confidence interval is about a probabilistic expectation and things don't match the expectation exactly.
Reply
Get Updates on the Splunk Community!

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...