Skip to content

Splunk 101: Predict Command


Hey everyone, I’m Hailie with Kinney Group.


Today, I’ll walk you through a short tutorial on the predict command. The predict command forecast values from one or more sets of time series data. The command can also fill in missing data in a time series and provides predictions for the next several time steps.


As we’re going to see in this example, we’re going to have a bar graph displaying the number of purchases made on a specific host. The predict command is going to provide us with confidence intervals for all of its estimates with an upper and lower 95th percentile range displayed on the graph.


In this instance, we’re going to use the practice data that came from Spunk. Here, we’re in the index of the web. If we want to look at purchases made on a specific host, we’re going to use WW1 as a host. It’ll pull up the events that come from that but as I said earlier, predict needs some sort of time series data to work off of. 


New call-to-action


We’re going to use a time chart. By counting the number of purchases by our host, this is going to display a bar graph. As you can see the bar graph shows how many purchases were made on that host for the day. In this example, on November 8th, there were 76 purchases made. 


With the benefit of the predict command, we’re going to see predictions extend off the graph here for future days,  future predictions, and the upper and lower 95th percentile confidence ranges.


Use predict command in your environment when it makes sense to you. Maybe to see future trend analysis and use cases. Maybe for predicting the amount of disk usage you’re using a day, use space, or data ingest. In this instance, we used it to see a high confidence level of how many purchases we’d expect on our host for WW1.


Meet our Expert Team

If you’re a Splunker, or work with Splunkers, you probably have a full plate. Finding the value in Splunk comes from the big projects and the small day-to-day optimizations of your environment. Cue Expertise on Demand, a service that can help with those Splunk issues and improvements to scale. EOD is designed to answer your team’s daily questions and breakthrough stubborn roadblocks. We have the team here to support you. Let us know below how we can help.

New call-to-action