I have a dynamic dashboard timechart that is being fed by user inputs that is having trouble working with my predict query.
I currently have something close to 1500 hosts to accomodate and am only requiring the prediction query to occur when the OTHER field appears ($host$ defaults to *)
I want to be able to :
see the lowest 10 hosts and an aggregate of all other hosts with a future-only prediction when no selection is made -- **working** with my below query
**AND**
for the graph to still draw when selected hosts are inputted (no OTHER field present) -- **NOT WORKING**
Here is what i have so far:
index=blah sourcetype=blah host=$host$
timechart median(blah) as Blah by host WHERE min in bottom10
| predict OTHER as Prediction
| eval Prediction=if(_time<=relative_time(now(),"-1w"), null, 'Prediction')
I'm attempting to achieve the following or some other workaround:
if (OTHER is null)
{ don't run prediction query }
else
{ run prediction query }
Any help would be greatly appreciated :)
↧