Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I predict the monthly data using predict command in splunk?

saranravi
New Member
‎06-22-2018 01:39 PM

Sample Data;
Month Year X1
5 2015 220
6 2015 210

7 2015 225

Output

Predicted results:

Month year x1
8 2015 220
9 2015 223.4

I have three years of data. any suggestion would be helpful.

Tags (1)
0 Karma
Reply

Sukisen1981
Champion
‎06-23-2018 12:36 AM

Hi,
I am assuming you had a look at the predict command documentation - https://docs.splunk.com/Documentation/Splunk/7.1.1/SearchReference/Predict

Now, you need to try the various algorithm options as mentioned in the table. If your data is seasonal / periodic etc. , your algorithm option should be based on that. I suggest starting with LLP5 and LLP first.
2 key points to remember
1-Please specify a holdback period, this will allow you to see how accurate your predictions are. from the document above - holdback
Syntax: holdback=
Description: Specifies the number of data points from the end that are not to be used by the predict command. Use in conjunction with the future_timespan argument. For example, 'holdback=10 future_timespan=10' computes the predicted values for the last 10 values in the data set. You can then judge how accurate the predictions are by checking whether the actual data point values fall into the predicted confidence intervals.
Default: 0
2-Remember , your data must have some underlying pattern for a algorithm to be successful. Try out the algorithm options with holdback and one of them should fit your use case,

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...