Splunk Search

predict does not span the full dataset

kenvanderheyden
Path Finder

Hello all,

Using Splunk 6.2.1 enterprise, with the wonderfull "predict" feature on my dataset.
Can't seem to solve the issue below:

_time values lower95(prediction(values)) prediction(values) upper95(prediction(values))
... some data rows before ...
2012-07-26 31 -15.013427956 21.8162478572 58.6459236703
2012-08-02 -16.3596947095 21.4794702433 59.3186351962
2012-08-09 14 -12.1226410825 26.6804984539 65.4836379903
2012-08-16 -20.651592529 19.0738757323 58.7993439937
2012-08-23 -19.7983081051 20.8112026898 61.4207134847
2012-08-30 -22.2166494183 19.241558569 60.6997665564
2012-09-06

2012-09-13

2012-09-20 46

2012-09-27 3


... some data rows after ...

From this point on there is no more prediction.

I've used the following search to get these results:

...
| eval nummer1 = if(getal1=="1" OR getal2=="1" OR getal3=="1" OR getal4=="1" OR getal5=="1" OR getal6=="1" OR getalReserve=="1", "1", "0")
| search nummer1 !=0
| eval tDT= strptime(trekkingDatum, "%F")
| delta tDT as t_diff
| eval t_diff = floor(t_diff / 86400)
| eval _time = strptime(trekkingDatum, "%F")
| timechart span=7d values(t_diff) as values | predict values

Hope someone can point me in the right direction.

Thanks,
Ken.

Tags (3)
0 Karma

kenvanderheyden
Path Finder

Got this working for some part:
Using the future_timespan=150 it does now continue the prediction.

However the issue has now changed towards a prediction "flat line".
The prediction does not evolve / change after a certain point on the timeline.

While I have a weighted average that does span the full set, and does change over the complete line, predict does not.

Wonder what I might be missing here.

The changed line in the original script:
| timechart span=7d values(t_diff) as values | predict values algorithm=LL future_timespan=150 | trendline wma5(values)

Hope someone can share some wisdom in this ?

Thanks and a happy new year to everyone !

Ken.

0 Karma

HattrickNZ
Motivator

can you show a picter of what your expierncing? have you tried playing with earlies and latest in your search, this seemed to be importatnt to me what i was using the predict function.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...