Splunk Search

Prediction algorithm in splunk

singh3and12
Path Finder

Hi ,

I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualization it shows a pattern that's repeating again that pattern is taken from past data trend. so my query is in future if cpu usage is going to reach 99 or 100 then it should catch the approximate prediction but in this case it just following the previous pattern hence for prediction part we are getting a mirror reflection of previously trend... so can it be eliminated or corrected so that I could get variance around +5/-5 and it should catch the critical value if comes in future.

could you please explain me the calculation that running this algorithm LLP . Please don't give the splunk docs explanation as I have been through it its very limited to understand the underhood calculation behind. also please suggest if any other algorithm suited to meet my requirement in the query. below is the query m using

index="Xyz" search_name=search_update_acn_tier3_os_monitoring metric_label="Processor : CPU Load Average 15 Alert" | timechart span=2min max(metric_value) as "CPU_Load" |predict "CPU_Load" AS "Predicted_value" algorithm=LLP future_timespan=3000 |fields - lower95(Predicted_value) upper95(Predicted_value)

Tags (1)
0 Karma
1 Solution

harshpatel
Contributor

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

View solution in original post

0 Karma

singh3and12
Path Finder

needed a bit more explanation.. since we already developed a dashboard using predict algorithm for other metrices.. but still mirror reflected graph based on previous trend.. just wanted to what calculation being performed to predict values... in future like the one I am using is LLP,
likewise others LLT,LLP5.. can you explain on this part.. since splunk docs is very limited to understand its calculation... as we wouldn't be now preferring for MLTK Toolkit... may be later in future.. wouldn't our purpose be served by this itself of the query m using... please throw some light on to it.

0 Karma

harshpatel
Contributor

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...