Hello,
I am trying to build an application dealing with statistics with Splunk. However, I can't find the right way to do so.
Every 15 min I get an event from which I can extract several values. Let's call them val1, val2 ... valN.
What I would like to do is to create a table containing the variance V1 of all past values of val1 in column1; variance V2 of all past values of val2 in column2; ...; variance VN of all past values of valN in columnN.
I need to store this table somehow in Splunk, so that I can search it. Of course this table would be updated every 15 min as new events are used to compute the variances.
Could you tell me how to proceed to do such a thing?
That would be very helpful.
Thanks in advance,
Olivier
Hi there-
I'm not sure what you've tried already but you have several options:
1. You can utilize Splunk's lookup functionality by:
   a. write the data you want to save out to a csv file, using the outputlookup command, http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Outputlookup
   b. read the data back in from the file using the inputlookup command, http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Inputlookup
2. Schedule the search that you've created, to extract your values, and choose to write them to a summary index. You can then search that summary index for the relevant values.
Although option 2 is valid, it may be overkill, depending on how you want to manage your data. I would start out with the first option and see if that does what you need it to.
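An added example, not part of the original thread: one way to apply the first option so that each 15-minute run only reads the newest events, by keeping a running count, sum and sum of squares per field in the lookup and deriving the sample variance from them. The index `example_index`, sourcetype `example_sourcetype` and lookup file `example_variances.csv` are placeholder names, only `val1` and `val2` are shown, and the lookup is assumed to have been seeded once by running the same search over all time without the `inputlookup` line.

```spl
index=example_index sourcetype=example_sourcetype earliest=-15m@m latest=@m
| eval sq1 = val1 * val1, sq2 = val2 * val2
| stats count AS n sum(val1) AS s1 sum(sq1) AS q1 sum(val2) AS s2 sum(sq2) AS q2
| inputlookup append=true example_variances.csv
| stats sum(n) AS n sum(s1) AS s1 sum(q1) AS q1 sum(s2) AS s2 sum(q2) AS q2
| eval V1 = (q1 - s1 * s1 / n) / (n - 1)
| eval V2 = (q2 - s2 * s2 / n) / (n - 1)
| outputlookup example_variances.csv
```

Scheduled every 15 minutes, this keeps a one-row table that `| inputlookup example_variances.csv` reads back; the single `n` assumes every event carries both fields.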