table of intermediary results

olivier_romain
Engager

Hello,

I am trying to build an application dealing with statistics with Splunk. However, I can't find the right way to do so.

Every 15 min I get an event from which I can extract several values. Let's call them val1, val2 ... valN.

What I would like to do is to create a table containing the variance V1 of all past values of val1 in column1; variance V2 of all past values of val2 in column2; ...; variance VN of all past values of valN in columnN.

I need to store this table somehow in Splunk, so that I can search it. Of course this table would be updated every 15 min as new events are used to compute the variances.

Could you tell me how to proceed to do such a thing?

That would be very helpful.

Thanks in advance,

Olivier

0 Karma

sbrant_splunk
Splunk Employee

Hi there-

I'm not sure what you've tried already but you have several options:

  1. You can utilize Splunk's lookup functionality by:
    a. writing the data you want to save out to a csv file, using the outputlookup command, http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Outputlookup
    b. reading the data back in from the file using the inputlookup command, http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Inputlookup

  2. Schedule the search that you've created, to extract your values, and choose to write them to a summary index. You can then search that summary index for the relevant values.

Although option 2 is valid, it may be overkill, depending on how you want to manage your data. I would start out with the first option and see if that does what you need it to.

0 Karma
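A sketch of option 1 from the answer above, added here as an illustration and not part of either post: the first search is meant to be saved and scheduled every 15 minutes over all time, and the second reads the stored table back. The index `my_index`, sourcetype `my_sourcetype`, lookup file `val_variances.csv`, the output fields `n` and `computed_at`, and the use of three fields (val1 to val3) are assumptions; `var()` is the sample variance, `varp()` the population variance.

```spl
index=my_index sourcetype=my_sourcetype earliest=0
| stats var(val1) AS V1 var(val2) AS V2 var(val3) AS V3 count AS n
| eval computed_at=strftime(now(), "%Y-%m-%d %H:%M:%S")
| outputlookup val_variances.csv

| inputlookup val_variances.csv
| table computed_at n V1 V2 V3
```

Each scheduled run overwrites the lookup with a single row; adding `append=true` to `outputlookup` keeps one row per run instead.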