All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Predict App: Why is the app excluding step changes in data?

rob3770
Explorer
‎02-20-2018 07:01 AM

Hi, I'm creating a simple chart that displays disk space but Predict doesn't handle a step change very well. When space is filling up it successfully predicts but if any space has been freed up and these a sharp change in the data, Predict freaks out.

index=perfmon sourcetype="Perfmon:LogicalDisk" host=xxxxx counter="Free Megabytes" instance=E:
| timechart span=24h max(Value) usenull=f  | predict max(Value)  future_timespan=90

Also can it be run against multiple host or disks?

Cheers

0 Karma
Reply

mhoogcarspel_sp
Splunk Employee
Splunk Employee
‎02-20-2018 09:12 AM

Not quite sure what you mean by "freaks out" (picture might help?)

I'll have a stab at this though:

Predict uses LLP5, which includes "seasonality" (recurring patterns),

try feeding it more historical data and/or tune the period, this should average things out,
you might want to change to "LLT" instead of you don't want seasonality at all?

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Predict#Predict_options

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...