Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I display just the prediction (future) in a chart ?

henriq_c
Explorer
‎02-20-2019 06:14 AM

I'm doing a chart where i want to predict the disk space for the month after and I have this :
.... predict C as "Prediction of C" algorithm=LLP5

(i put a span of 1m of the timechart)

1) I don't know how to do display just the future and not the past of the prediction (_time <= now())
2) And how to predict 1 month later ?
3) don't work with where 😕
4) If I pick in the time picker an anterior date, i want that my chart don't take the 'predict' in count and just display the chart without prediction

Thank you

Tags (1)
0 Karma
Reply

adonio
Ultra Champion
‎02-20-2019 06:54 PM

hello there,

many questions in one so lets start:
1. try this search anywhere:

    | gentimes start="01/01/2018:00:00:00" end="12/31/2018:23:59:59" increment=10m
    | eval _time = starttime 
    | eval random_value = random()%10000
    | timechart span=1h min(random_value) as value
    | predict value algorithm=LLP5 period=2
    | search _time > 1546300799

maybe narrow down the time as it can get heavy. you can see in the viz tab that only events after 12/31/2018
also play a Lillie with the integers for span= and period=
2. predicting to the future depends on how far back you are looking and on the period and future_timespan attributes
read here more: https://docs.splunk.com/Documentation/Splunk/7.2.4/SearchReference/Predict
3. the where worked fine for me, see screenshot, try and substitute the search in the last line of code to where
4. i don't understand the requirement here, maybe open another question or elaborate?

screenshot

alt text

hope it helps

Preview file
101 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...