Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I display just the prediction (future) in a chart ?

henriq_c
Explorer
‎02-20-2019 06:14 AM

I'm doing a chart where i want to predict the disk space for the month after and I have this :
.... predict C as "Prediction of C" algorithm=LLP5

(i put a span of 1m of the timechart)

1) I don't know how to do display just the future and not the past of the prediction (_time <= now())
2) And how to predict 1 month later ?
3) don't work with where 😕
4) If I pick in the time picker an anterior date, i want that my chart don't take the 'predict' in count and just display the chart without prediction

Thank you

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎02-20-2019 06:54 PM

hello there,

many questions in one so lets start:
1. try this search anywhere:

    | gentimes start="01/01/2018:00:00:00" end="12/31/2018:23:59:59" increment=10m
    | eval _time = starttime 
    | eval random_value = random()%10000
    | timechart span=1h min(random_value) as value
    | predict value algorithm=LLP5 period=2
    | search _time > 1546300799

maybe narrow down the time as it can get heavy. you can see in the viz tab that only events after 12/31/2018
also play a Lillie with the integers for span= and period=
2. predicting to the future depends on how far back you are looking and on the period and future_timespan attributes
read here more: https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/Predict
3. the where worked fine for me, see screenshot, try and substitute the search in the last line of code to where
4. i don't understand the requirement here, maybe open another question or elaborate?

screenshot

alt text

hope it helps

Preview file
101 KB
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...