Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need help on predict command usage in graph

kdimaria
Communicator
‎09-29-2017 10:09 AM

I have a trend graph that shows some data then its predicting out that data a couple days forward. However, The prediction starts when the normal data starts, when I would rather have the prediction start on the graph when there is no previous data. Basically attaching itself to the previous trendline and adding on with it's prediction. Is there a way to do this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Sukisen1981
Champion
‎09-29-2017 10:21 AM 
timechart span=5min avg(p) as Act |predict Act AS pred  algorithm=LLP5 upper95=high lower95=low holdback=30 future_timespan=70 | eval pred=if(isnull(Act),pred,Act)

==
Assuming Act as actuals & pred as predicted field names

View solution in original post

Reply
Solved! Jump to solution

niketn
Legend
‎10-02-2017 09:20 AM

@kdimaria, if your intention is to distinguish prediction chart between current time span and future time span, you can try installing Machine Learning Toolkit app (https://splunkbase.splunk.com/app/2890/) which adds Forecast Chart visualization. As you can see the Current Time Series is highlighted in Red and Future Time Series in Blue, Current Confidence Interval in Orange and Future Confidence Interval in Green.

alt text

Refer to documentation for passing predict command parameters to forecastviz or modvizpredict macro: https://docs.splunk.com/Documentation/MLApp/latest/User/Customvisualizations#Forecast_Chart_.28Forec...

You can also refer to Forecast Time Series documentation on http://docs.splunk.com/Documentation/MLApp/latest/User/ForecastTimeSeries
Please try out and confirm.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Preview file
164 KB
Reply
Solved! Jump to solution
Solution

Sukisen1981
Champion
‎09-29-2017 10:21 AM 
timechart span=5min avg(p) as Act |predict Act AS pred  algorithm=LLP5 upper95=high lower95=low holdback=30 future_timespan=70 | eval pred=if(isnull(Act),pred,Act)

==
Assuming Act as actuals & pred as predicted field names

Reply
Solved! Jump to solution

kdimaria
Communicator
‎10-02-2017 06:02 AM

@Sukisen1981 , This works but when I eval the predict field, it gets rid of the upper and lower limit possibilities. Is there a way to keep those in the graph as well?

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎10-03-2017 09:19 AM

Hi,

Yes, I get what you mean - high(pred) and low(pred) ae missing. However, try this :

timechart span=5min avg(p) as Act |predict Act AS pred algorithm=LLP5 upper95=high lower95=low holdback=30 future_timespan=70 | eval pred=if(isnull(Act),pred,Act) |rename high(pred) AS X|fields _time,Act,X,pred

You will get X plotted as the high limit values.///apply same and rename low(pred) to Y .
Choose X and Y names as something like hmmm maybe - "High / Low Limit"
I use he MLTK app like @niketnilay is saying....

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...