Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Predict: Can I show only the predicted events in the future?

mkelderm
Path Finder
‎11-29-2013 01:48 AM

I like the predict clause, but how can I show only the prediction of the 'future'. For example:

index=prd_stats earliest=-5d sourcetype=appman:DatabaseQueryMonitor resource=Counts@GMPROD_MONDRIAAN attribute=AANTAL |  timechart useother=f usenull=f span=15m limit=0 avg(value) as aantal | predict aantal lower99=low upper99=high algorithm=LLP future_timespan=40

This query shows the prediction for the comming 10 hours (span*40). But I only want to see the prediction of this 10 hours.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

guilmxm
Influencer
‎12-23-2013 01:47 AM

Hi,

You can do it easily, append a "where" condition after the predict command to exclude non predicted data.

In you example, append:

| where isnull(aantal)

View solution in original post

Reply
Solved! Jump to solution
Solution

guilmxm
Influencer
‎12-23-2013 01:47 AM

Hi,

You can do it easily, append a "where" condition after the predict command to exclude non predicted data.

In you example, append:

| where isnull(aantal)

Reply
Solved! Jump to solution

mkelderm
Path Finder
‎12-23-2013 01:50 AM

so simple ! Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...