Splunk Search

Why is my below search throwing the following error: "Predict Error: Too few data points: -5." ?

johnnyfrx
Path Finder

The search below throws the error whenever there are more than two hosts searched for.: command="predict", Too few data points: -5. Need at least 1 (too many holdbacks (5) maybe?)

If searching for just one host, the data is perfect. I have 700+ hosts that I need to run this against. Any ideas?

Here is the search that returns the error:

| inputlookup test_diskusage.csv | search host=splunk-indexer-1 | eval _time=strptime(date, "%Y-%m-%d") | timechart span=1d values("/opt/splunk") as "/opt/splunk", values(cold0) AS cold0, values(cold1) AS cold1, values(hot0) AS hot0, values(hot1) AS hot1, values(hot2) AS hot2 | predict "/opt/splunk" "cold0" "cold1" "hot0" "hot1" "hot2" algorithm=LLP5 holdback=5 future_timespan=25 upper95=upper95 lower95=lower95
0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...