Splunk Search

Can you help me with some predictive analytics for the current month?

joydeep741
Path Finder

I want to forecast future values of a field.

_time TOTAL
01-07-2018 200
01-08-2018 220
01-09-2018 280
01-10-2018 180
01-11-2018 190
01-12-2018 80
In my Splunk query I have used index=abc | timechart span=1mon count as TOTAL | predict TOTAL

But since the month of Dec is not yet complete (still 13 days left), why does the PREDICT line say 80 as the predicted value for Dec?

I want to show the correct prediction for the current month.

0 Karma

niketn
Legend

@joydeep741 please test with holdback=1, which implies the latest data point will not be used for prediction. In other words, prediction would be from the current month onward.

 | predict TOTAL holdback=1

Please refer to the Splunk Documentation to understand each of the arguments for the predict command. You can also try out the Splunk Machine Learning Toolkit to Forecast Time Series data and read about the Space State method using Kalman Filter, which is applied in the predict command.

Following is a run anywhere example:

| makeresults 
| eval data="01-01-2018 90;01-02-2018 110;01-03-2018 120;01-04-2018 130;01-05-2018 140;01-05-2018 140;01-06-2018 240;01-07-2018 200;01-08-2018 220;01-09-2018 280;01-10-2018 180;01-11-2018 190;01-12-2018 80" 
| makemv data delim=";" 
| mvexpand data 
| makemv data delim=" " 
| eval _time=strptime(mvindex(data,0),"%d-%m-%Y"), count=mvindex(data,1) 
| fields - data 
| timechart span=1mon sum(count) as count 
| predict count algorithm=LLP5 holdback=1 future_timespan=3 upper95=upper lower95=lower
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma