Splunk Search

Prediction algorithm in splunk

singh3and12
Path Finder

Hi ,

I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualization it shows a pattern that's repeating again that pattern is taken from past data trend. so my query is in future if cpu usage is going to reach 99 or 100 then it should catch the approximate prediction but in this case it just following the previous pattern hence for prediction part we are getting a mirror reflection of previously trend... so can it be eliminated or corrected so that I could get variance around +5/-5 and it should catch the critical value if comes in future.

could you please explain me the calculation that running this algorithm LLP . Please don't give the splunk docs explanation as I have been through it its very limited to understand the underhood calculation behind. also please suggest if any other algorithm suited to meet my requirement in the query. below is the query m using

index="Xyz" search_name=search_update_acn_tier3_os_monitoring metric_label="Processor : CPU Load Average 15 Alert" | timechart span=2min max(metric_value) as "CPU_Load" |predict "CPU_Load" AS "Predicted_value" algorithm=LLP future_timespan=3000 |fields - lower95(Predicted_value) upper95(Predicted_value)

Tags (1)
0 Karma
1 Solution

harshpatel
Contributor

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

View solution in original post

0 Karma

singh3and12
Path Finder

needed a bit more explanation.. since we already developed a dashboard using predict algorithm for other metrices.. but still mirror reflected graph based on previous trend.. just wanted to what calculation being performed to predict values... in future like the one I am using is LLP,
likewise others LLT,LLP5.. can you explain on this part.. since splunk docs is very limited to understand its calculation... as we wouldn't be now preferring for MLTK Toolkit... may be later in future.. wouldn't our purpose be served by this itself of the query m using... please throw some light on to it.

0 Karma

harshpatel
Contributor

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...