Can you help me with some predictive analytics for...

joydeep741 · ‎12-18-2018

I want to forecast future values of a field.

_time TOTAL
01-07-2018 200
01-08-2018 220
01-09-2018 280
01-10-2018 180
01-11-2018 190
01-12-2018 80

In my Splunk Query I have used index= abc | timechart span =1mon count as TOTAL | predict TOTAL

But since Dec month is not yet complete (still 13 days left) then why the PREDICT line says 80 as the predicted value for Dec.

I want to show the correct prediction for the current month.

niketn · ‎12-18-2018

@joydeep741 please test with holdback=1 which implies the latest data point will not be used for prediction. In other words prediction would be from current month onward.

 | predict TOTAL holdback=1

Please refer to the Splunk Documentation to understand each of arguments for predict command. You can also try out Splunk Machine Learning Toolkit to Forecast Time Series data and read about Space State method using Kalman Filter which is applied in the predict command.

Following is a run anywhere example:

| makeresults 
| eval data="01-01-2018 90;01-02-2018 110;01-03-2018 120;01-04-2018 130;01-05-2018 140;01-05-2018 140;01-06-2018 240;01-07-2018 200;01-08-2018 220;01-09-2018 280;01-10-2018 180;01-11-2018 190;01-12-2018 80" 
| makemv data delim=";" 
| mvexpand data 
| makemv data delim=" " 
| eval _time=strptime(mvindex(data,0),"%d-%m-%Y"), count=mvindex(data,1) 
| fields - data 
| timechart span=1mon sum(count) as count 
| predict count algorithm=LLP5 holdback=1 future_timespan=3 upper95=upper lower95=lower

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

Can you help me with some predictive analytics for the current month?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!