Hi anykcampy You can probably just switch to KV mode. From checking the source it seems like they just updated half the app and forgot to handle the 'max_cache_seconds' argument for File mode. ... View more

@Sukisen1981 I am also facing the same issue, Kalman filter algorithm prediction is not in line with the actual values. Linear Regression is the best fit to predict numerical values for CPU, Memory & Disk. But we can't see the forecast for next 30 days in this model. How do I proceed? Any thoughts on that?? ... View more

Could you solve the problem? I'm getting the same error. ... View more

Hi ankycampy, you can run a search over the last 30 minutes and do stats over each 10 minutes steps like this: index=_internal earliest=-30min@min sourcetype=splunkd | bucket _time span=1min | stats last(_time) AS last_time count AS per_min_count by _time, host, sourcetype | eval 30min_ago = if(last_time > exact(relative_time(now(),"-30min@min")) AND last_time <= exact(relative_time(now(),"-20min@min")) , per_min_count ,"0") | eval 20min_ago = if(last_time > exact(relative_time(now(),"-20min@min")) AND last_time <= exact(relative_time(now(),"-10min@min")) , per_min_count ,"0") | eval 10min_ago = if(last_time > exact(relative_time(now(),"-10min@min")) AND last_time <= exact(relative_time(now(),"-1min@min")) , per_min_count ,"0") | stats max(last_time) AS _time, values(host) AS host, values(sourcetype) AS sourcetype, max(10min_ago) AS 10min_ago, max(20min_ago) AS 20min_ago, max(30min_ago) AS 30min_ago Hope this helps to get you started ... cheers, MuS ... View more