
Splunk predict period limit 2000?


Dear all experts,

We have some data that is generated every 5 minutes.

We want to predict it, and we need to use the seasonal local level algorithm,

because our data period is 1 week.

Therefore: 12 points in one hour, 288 points in one day, 2016 points in 1 week.


When I try to predict it, some error occurs...




My source code:

index=traffic TP13G
| eval Timestamp = strftime(_time,"%Y/%m/%d %H:%M:%S")
| table _time Timestamp Source ip Port Description BW Incoming Outgoing
| eval total=Incoming+Outgoing
| timechart span=5m limit=0 avg(total) as total by equipment
| fields _time TP13G
| timechart span=5m values(TP13G) as CEN_TP13G
| predict "CEN_TP13G" as CEN_TP13G_prediction algorithm=LLP holdback=0 future_timespan=2016 period=2016 upper95=upper95 lower95=lower95
| eval isOutlier = if(CEN_TP13G_prediction!="" AND 'CEN_TP13G_prediction' != "" AND ('CEN_TP13G_prediction' < 'lower95(CEN_TP13G_prediction)' OR 'CEN_TP13G_prediction' > 'upper95(CEN_TP13G_prediction)'), "Outlier", "0")
| eval check=strftime(_time,"%Y/%m/%d %H:%M:%S")
| eval check=strptime(check,"%Y/%m/%d %H:%M:%S")
| where check > now()-604800
| fields - check
| rename lower95(CEN_TP13G_prediction) as predict_low
| rename upper95(CEN_TP13G_prediction) as predict_high
| fields + _time CEN_TP13G_prediction , CEN_TP13G isOutlier
| eval CEN_TP13G_prediction=round(CEN_TP13G_prediction,3)



Is there any way to modify the period 2000 to 2016?

Thanks for the help!

Will Tseng
