Spread our blog

How to Forecast Values Using Splunk Machine Learning Toolkit

Hello everyone !!!

Today we have come with a most interesting and useful topic of Splunk that is Forecasting . Forecasting means to predict some values of future using present values. All of you heard about the application called Splunk Machine Learning Toolkit ( MLTK ) in Splunk . This application is basically used for forecasting the data. Today we will show you how to forecast the data in Splunk Machine Learning Toolkit. Follow the below steps to forecast the data.

Step 1:

Open the Splunk Machine Learning Toolkit


Step 2:

By default it will open Showcase page in Splunk Machine Learning Toolkit . For forecasting new data click on Experiment.


Step 3:

Select your desired Assistant to create a new Experiment. Here we have selected Forecast Time Series for our prediction.


Step 4:

Give an Experiment Title for creating an Experiment . We have given the title as  Method Count Prediction . Click on Create.


Step 5:

Enter a search string for prediction . We have given the search string as index=_internal sourcetype=splunkd_ui_access | timechart span=1h count(method) as method_count

We are running the search for last 24 hours. Hit enter to get the result.


Step 6:

You can preview the data which is generated by the query.


Step 7:

Select the Field to Forecast which you want to predict. We have selected method_count for forecast. Also give the Method for prediction and you can give the Future  Timespan and Holdback as well.We have selected Method as LL(local level).You can utilize other Methods too as per your data . Click on the Forecast to predict the value. To know more about prediction methods,future timespan and holdback see Usage of Splunk commands  : PREDICT.

You can also know about :  Schedule a Report if data is not coming to the index in the last 7 days


Step 8:

View the Forecast result.


Step 9:

To see the SPL behind this Forecast click on Show Spl.


Step 10 :

Now you can see the SPL query. One predict command portion is generating by default . 


Step 11:

After forecasting click on Save to save the experiment.



Step  12:

To see the saved experiments click on Go to Listing Page.


Step 13:

Now you can see the Experiment in the list which you have saved.


Hope this has helped you in achieving the below requirement without fail !!

How to Forecast Values Using Splunk Machine Learning Toolkit

Happy Splunking !!

What’s your Reaction?

Spread our blog
Previous articleSplunk Search Modes
Next articleHow to Create Calculated Fields in Splunk
Passionate content developer dedicated to producing result-oriented content, a specialist in technical and marketing niche writing!! Splunk Geek is a professional content writer with 6 years of experience and has been working for businesses of all types and sizes. It believes in offering insightful, educational, and valuable content and it's work reflects that.


Please enter your comment!
Please enter your name here