Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Need help on predict command

strive
Influencer
‎10-14-2013 12:23 PM

Hi,

I have a requirement to do predictive analysis of a metric. I am referring the link http://docs.splunk.com/Documentation/Splunk/5.0.4/SearchReference/Predict to understand predict command. In this link, there is no default specified for many options. Only lower and upper predict options have default values.

Is the documentation incomplete?

I have a timechart with three values plotted. 

| timechart partial=false span=5m first(Average) as Average first(Peak) as Peak first(Capacity) as Capacity

I added predict command in the end.. 

| timechart partial=false span=5m first(Average) as Average first(Peak) as Peak first(Capacity) as Capacity | predict Average

I have 288 results from the search. The predict command values are plotted only till 143 results. After that everything is blank. If i use future_timespan option then i am able to get predict values for other results based on value set for future_timespan.

Why splunk is stopping predicting at 143 results? It is very difficult to set the value for future_timespan unless i know the behavior of predict command.

What is the default value of future_timespan?

Am i missing something here? Please help me.

Thanks

Strive

Tags (1)
0 Karma
Reply

nnguyen_splunk
Splunk Employee
Splunk Employee
‎10-16-2013 02:49 PM

Hi,
First, the default value for future_timespan is 5.
Second, I don't know why splunk stopped predicting at 143 results. Does it plot 288 results if you don't pipe it through predict?

0 Karma
Reply

HattrickNZ
Motivator
‎03-05-2015 02:00 PM

from the docs it says that future_timespan is a number. but my question is what is the period is it 5 hours,days,weeks...etc? where can we controld this or is it controlled by the span=d you use in your timechart

0 Karma
Reply

pred312
Engager
‎08-10-2018 12:55 PM

Yes, the span is controlled by the span mentioned in your timechart command. If you write |timechart span=1d then when using your future_timespan="182" . It means that the future time span is 182 days. If you chose your timechart span to be 1 hour, the future_timespan would showcase 182 hours. etc

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...