Splunk Search

Can you help me with some predictive analytics for the current month?

joydeep741
Path Finder

I want to forecast future values of a field.

_time TOTAL
01-07-2018 200
01-08-2018 220
01-09-2018 280
01-10-2018 180
01-11-2018 190
01-12-2018 80
In my Splunk query I have used index=abc | timechart span=1mon count as TOTAL | predict TOTAL

But since the month of Dec is not yet complete (still 13 days left), why does the PREDICT line say 80 as the predicted value for Dec?

I want to show the correct prediction for the current month.

0 Karma

niketn
Legend

@joydeep741 please test with holdback=1, which implies the latest data point will not be used for prediction. In other words, prediction would be from the current month onward.

 | predict TOTAL holdback=1

Please refer to the Splunk Documentation to understand each of the arguments for the predict command. You can also try out the Splunk Machine Learning Toolkit to forecast time series data, and read about the Space State method using Kalman Filter, which is applied in the predict command.

Following is a run anywhere example:

| makeresults 
| eval data="01-01-2018 90;01-02-2018 110;01-03-2018 120;01-04-2018 130;01-05-2018 140;01-05-2018 140;01-06-2018 240;01-07-2018 200;01-08-2018 220;01-09-2018 280;01-10-2018 180;01-11-2018 190;01-12-2018 80" 
| makemv data delim=";" 
| mvexpand data 
| makemv data delim=" " 
| eval _time=strptime(mvindex(data,0),"%d-%m-%Y"), count=mvindex(data,1) 
| fields - data 
| timechart span=1mon sum(count) as count 
| predict count algorithm=LLP5 holdback=1 future_timespan=3 upper95=upper lower95=lower
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
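The effect of holding back the incomplete month, as an added example that is not part of the original thread and is not Splunk's predict implementation. It runs a simple local-level Kalman filter over the totals from the question; the noise variances `q` and `r` and both function names are assumptions made for this illustration.

```python
# Added illustration: a local-level Kalman filter with assumed, fixed
# noise variances. It is not Splunk's predict implementation.

# Monthly totals from the question; the last (December) bucket is partial.
MONTHLY_TOTALS = [200, 220, 280, 180, 190, 80]


def local_level_forecast(series, q=400.0, r=1600.0):
    """One-step-ahead forecast from a local-level state space model.

    q (level noise variance) and r (observation noise variance) are
    assumed constants chosen for this example.
    Returns (forecast, lower95, upper95).
    """
    if not series:
        raise ValueError("need at least one data point")
    level, p = float(series[0]), r      # start at the first observation
    for y in series[1:]:
        p_pred = p + q                  # predict: uncertainty grows by q
        gain = p_pred / (p_pred + r)    # Kalman gain
        level += gain * (y - level)     # pull level toward the observation
        p = (1.0 - gain) * p_pred       # posterior variance of the level
    half_width = 1.96 * (p + q + r) ** 0.5
    return level, level - half_width, level + half_width


def forecast_with_holdback(series, holdback=0):
    """Ignore the last `holdback` points, then forecast the next bucket."""
    if holdback < 0 or holdback >= len(series):
        raise ValueError("holdback must leave at least one data point")
    return local_level_forecast(series[:len(series) - holdback])


if __name__ == "__main__":
    # holdback=0: the partial 80 is treated as a full month and drags the
    # next forecast down.
    print("holdback=0:", forecast_with_holdback(MONTHLY_TOTALS, 0))
    # holdback=1: December is excluded, so the forecast is for December.
    print("holdback=1:", forecast_with_holdback(MONTHLY_TOTALS, 1))
```

With the partial bucket held back, the December forecast stays near the level of the complete months, and the observed partial total of 80 falls below the lower 95% bound.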