Hi Ismo, in my post, dataset was an example, here my dataset:    i have 53 months, so over 4 years splitted per months and in relation of documentation, the period is assumed by span parameter in timechart. here i've the same "problem". I'm using LLP algorithm because i've a seasonality. As you can see, in August more or less, i've a drecreasing of volumes and then an increasing. The prediction instead show a "zig zag" trend with the two same values.  In this way, the prediction is unuseful because i'm expecting a decreasing in this period and i'm not able to understand the future trends. Is my data the problem? too hard to predict and to establish a trend? Thanks, Denis     ... View more

i don't know what put in the row "| eval raw="field1=A field1=B field1=C field1=D field2=1 field2=2 field2=3 field2=4". You say me that it is dynamic, but what i write? I've need to use two fields and 11000 row... maybe i'm not understand, i'm sorry. ... View more

the problem is that i've about 11000 row and i can't calculate " eval raw="field1=A field1=B field1=C field1=D field2=1 field2=2 field2=3 field2=4" there is some function that do it automatically? ... View more

So, my number of row its variable. My data its in a unique index. You can image one index with 3 fields: FIELD1 - FIELD2 - FIELD3 Hostname1 - values - null() Hostname2 - values - null() Hostname3 - values - null() Hostname4 - values - null() .................... - ................ - ........... HostnameN - values - null() Hostname1 - null() - values Hostname2 - null() - values Hostname3 - null() - values Hostname4 - null() - values .................... - ................ - ........... HostnameN - null() - values What i wont is a match for values in field2 with values in field3. My key is Field 1. My search result should look like this: FIELD1 - FIELD2 - FIELD3 Hostname1 - values - values Hostname2 - values - values Hostname3 - values - values Hostname4 - values - values .................... - ................ - ............... Hostnamen - values - values ... View more

I've data protect from non disclosure agreement. Now i try with a my CSV test and i see if run. If i continue to have problem i ask here, thank you. ... View more

Can i see how work on your splunk? It make the difference between these dates? (in day). Because my CVS is not controllable from me, i can't modify it. I can try to upload a my file with some dates and do test for it. ... View more

I've one file CSV. In this file i have some fields, two of this are date. Splunk read this date like a strings. Now, i have need to calcolate the difference between this two dates, row-by-row. My final output must be a new column with all difference of this dates in days. i wrote 183 days, but was an example. I want all difference, for any row and any dates, in day, only this. I try to write this: ... | eval start_epoch = strptime(StardDate, "%d/%m/%Y") | eval end_epoch = strptime(EndDate, "%d/%m/%Y") | eval gap_in_seconds = end_epoch - start_epoch | eval gap_in_days = round(gap_in_seconds / 86400) and my output is null. Splunk don't convert my string date in strptime, if i try to write only " eval start_epoch = strptime(StardDate, "%d/%m/%Y")" i don't see anythings, i don't have output. ... View more

Hi, don't work. Specifically, when i use the function strptime(StardDate) or strptime(EndDate) i lost all data in these fields. Splunk don't convert my string in strptime, so, When i try to do difference between startdate and enddate i don't have any output. ... View more

Hi thank you, i do not found IF function, but now I see that it is possible in "eval" function. ... View more