The search below throws the error whenever there are more than two hosts searched for.: command="predict", Too few data points: -5. Need at least 1 (too many holdbacks (5) maybe?)
If searching for just one host, the data is perfect. I have 700+ hosts that I need to run this against. Any ideas?
Here is the search that returns the error:
| inputlookup test_diskusage.csv | search host=splunk-indexer-1 | eval _time=strptime(date, "%Y-%m-%d") | timechart span=1d values("/opt/splunk") as "/opt/splunk", values(cold0) AS cold0, values(cold1) AS cold1, values(hot0) AS hot0, values(hot1) AS hot1, values(hot2) AS hot2 | predict "/opt/splunk" "cold0" "cold1" "hot0" "hot1" "hot2" algorithm=LLP5 holdback=5 future_timespan=25 upper95=upper95 lower95=lower95
... View more