Solved: Prediction algorithm in splunk

singh3and12 · ‎06-04-2019

Hi ,

I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualization it shows a pattern that's repeating again that pattern is taken from past data trend. so my query is in future if cpu usage is going to reach 99 or 100 then it should catch the approximate prediction but in this case it just following the previous pattern hence for prediction part we are getting a mirror reflection of previously trend... so can it be eliminated or corrected so that I could get variance around +5/-5 and it should catch the critical value if comes in future.

could you please explain me the calculation that running this algorithm LLP . Please don't give the splunk docs explanation as I have been through it its very limited to understand the underhood calculation behind. also please suggest if any other algorithm suited to meet my requirement in the query. below is the query m using

index="Xyz" search_name=search_update_acn_tier3_os_monitoring metric_label="Processor : CPU Load Average 15 Alert" | timechart span=2min max(metric_value) as "CPU_Load" |predict "CPU_Load" AS "Predicted_value" algorithm=LLP future_timespan=3000 |fields - lower95(Predicted_value) upper95(Predicted_value)

harshpatel · ‎06-04-2019

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

View solution in original post

singh3and12 · ‎06-06-2019

needed a bit more explanation.. since we already developed a dashboard using predict algorithm for other metrices.. but still mirror reflected graph based on previous trend.. just wanted to what calculation being performed to predict values... in future like the one I am using is LLP,
likewise others LLT,LLP5.. can you explain on this part.. since splunk docs is very limited to understand its calculation... as we wouldn't be now preferring for MLTK Toolkit... may be later in future.. wouldn't our purpose be served by this itself of the query m using... please throw some light on to it.

harshpatel · ‎06-04-2019

Hi @singh3and12,

You will not be able to accurately predict CPU_Load based on previous values because you never know if any resource intensive job is going to be executed. I would suggest that if you have some other fields which can tell you when CPU_Load is going to be increased then you can use Splunk's machine learning toolkit. For example, if it's a server then you may get CPU_Load based on the received requests, request type, number of jobs in the queue. These types of fields will make better predictions of CPU Load than it's previous available values. Using ml algorithm can predict future CPU load based knowing what factors affected it to be 100% in the previous place.

Hope this helps.

Prediction algorithm in splunk

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Are you a member of the Splunk Community?

Prediction algorithm in splunk

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console