Let's break down the search piece by piece:
| Search fragment | Description |
| --- | --- |
| `index=main sourcetype=access_combined` | You should now be familiar with this search from the earlier recipes. It is used to return events from the website access log. |
| `\| timechart span=1h count` | The timechart command simply performs a count of events in 1-hour intervals. This produces the total count in a tabular form. |
| `\| predict count` | The predict command is used to look back over the given data set and generate three new fields: prediction, which is the predicted future value for the given data point; upper95, which is the upper confidence interval; and lower95, which is the lower confidence interval. The confidence intervals specify ... |
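
The search above, extended as an added example that is not part of the original recipe: it renames the three generated fields explicitly and labels each hour by whether the observed count falls inside the predicted band. The `algorithm=LLP5` and `future_timespan=24` values, the field aliases, and the `status` field are choices made here for illustration.

```spl
index=main sourcetype=access_combined
| timechart span=1h count
| predict count AS prediction algorithm=LLP5 future_timespan=24 upper95=upper95 lower95=lower95
| eval status=case(isnull(count), "forecast",
                   count > upper95, "above band",
                   count < lower95, "below band",
                   true(), "within band")
| table _time count prediction lower95 upper95 status
```

Rows where `count` is empty are the future intervals appended by `predict`; hours marked above or below the band are the ones worth reviewing against the raw access log events.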