Solved: Re: Predict: Can I show only the predicted events ...

mkelderm · ‎11-29-2013

I like the predict clause, but how can I show only the prediction of the 'future'. For example:

index=prd_stats earliest=-5d sourcetype=appman:DatabaseQueryMonitor resource=Counts@GMPROD_MONDRIAAN attribute=AANTAL |  timechart useother=f usenull=f span=15m limit=0 avg(value) as aantal | predict aantal lower99=low upper99=high algorithm=LLP future_timespan=40

This query shows the prediction for the comming 10 hours (span*40). But I only want to see the prediction of this 10 hours.

guilmxm · ‎12-23-2013

Hi,

You can do it easily, append a "where" condition after the predict command to exclude non predicted data.

In you example, append:

| where isnull(aantal)

View solution in original post

guilmxm · ‎12-23-2013

Hi,

You can do it easily, append a "where" condition after the predict command to exclude non predicted data.

In you example, append:

| where isnull(aantal)

mkelderm · ‎12-23-2013

so simple ! Thanks!

Predict: Can I show only the predicted events in the future?

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...