Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help on predict command

strive
Influencer
‎10-14-2013 12:23 PM

Hi,

I have a requirement to do predictive analysis of a metric. I am referring the link http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Predict to understand predict command. In this link, there is no default specified for many options. Only lower and upper predict options have default values.

Is the documentation incomplete?

I have a timechart with three values plotted. 

| timechart partial=false span=5m first(Average) as Average first(Peak) as Peak first(Capacity) as Capacity

I added predict command in the end.. 

| timechart partial=false span=5m first(Average) as Average first(Peak) as Peak first(Capacity) as Capacity | predict Average

I have 288 results from the search. The predict command values are plotted only till 143 results. After that everything is blank. If i use future_timespan option then i am able to get predict values for other results based on value set for future_timespan.

Why splunk is stopping predicting at 143 results? It is very difficult to set the value for future_timespan unless i know the behavior of predict command.

What is the default value of future_timespan?

Am i missing something here? Please help me.

Thanks

Strive

Tags (1)
0 Karma
Reply

nnguyen_splunk
Splunk Employee
Splunk Employee
‎10-16-2013 02:49 PM

Hi,
First, the default value for future_timespan is 5.
Second, I don't know why splunk stopped predicting at 143 results. Does it plot 288 results if you don't pipe it through predict?

0 Karma
Reply

HattrickNZ
Motivator
‎03-05-2015 02:00 PM

from the docs it says that future_timespan is a number. but my question is what is the period is it 5 hours,days,weeks...etc? where can we controld this or is it controlled by the span=d you use in your timechart

0 Karma
Reply

pred312
Engager
‎08-10-2018 12:55 PM

Yes, the span is controlled by the span mentioned in your timechart command. If you write |timechart span=1d then when using your future_timespan="182" . It means that the future time span is 182 days. If you chose your timechart span to be 1 hour, the future_timespan would showcase 182 hours. etc

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...