Hi,
Currently I am trying to set up a summary indexing , so there will be three summary indexes for each service
1. Summary index for per day
2. Summary index for per hour
3. Summary index for per minute
I have set up a plan how I can go ahead with "day" and "hour" as follows :
DAY : index="XXXX" source="XXXXXXXXX" earliest=-1d@d latest=-0d@d | bucket _time span=1day | sistats count avg(XX) max(XX) min(XX) by _time, A,B,C,D,E
cron : 00 01 * * *
I am running on the last 1 day data on each day at 01:00 clock in the morning
HOUR : index="XXXXX" source="XXXXXXXX" earliest=-1h@h latest=-0h@h | bucket _time span=1h | sistats count avg(XX) max(XX) min(XX) by _time, A,B,C,D,E
cron= 10 * * * *
so the cron is each hour 10 minutes my search will run for the last one hour
I am not able to find the solution for PER MINUTE data, how should I make my search and how to set up cron effectively. Mainly I need to set up a search that fits the following requirements:
o Search for data between 10:20 and 10:30
o Execute this search by cron at 10:35, for example
o Use 1 minute spanning in the search
o Extend this example to cover a complete hour instead of 10:20 to 10:30
Please help me asap , your help is very much appreciated !!
Thanks in advance !!
You can use a timerange of -15m@m
to -5m@m
and have a cron schedule of 5,15,25,35,45,55 * * * *
. The run at 35 past the hour will then search from 20 past the hour to 30 past the hour.
For one-minute spans just set span=1m
.
You can use a timerange of -15m@m
to -5m@m
and have a cron schedule of 5,15,25,35,45,55 * * * *
. The run at 35 past the hour will then search from 20 past the hour to 30 past the hour.
For one-minute spans just set span=1m
.
One search is enough. The comma-separated list of minutes works within one cron schedule.
http://en.wikipedia.org/wiki/Cron#CRON_expression
Martin,
Do we need more than one search to get this configured ?
Thanks Martin_Mueller for the prompt reply !! Really much appreciated