Answers for "Exponential Smoothing Implementation in Splunk"
https://answers.splunk.com/answers/70620/exponential-smoothing-implementation-in-splunk.html
The latest answers for the question "Exponential Smoothing Implementation in Splunk"Answer by jonuwz
https://answers.splunk.com/answering/70669/view.html
The trick here is to make all the data required for the calculation in the current event.
Looking at the formula, it only relies on the previous value of x and the previous value of s.
You can pull the previous value of a field into the current event like this :
... | streamstats window=1 current=f total as prev_total
so now you have access to x{t} and x{t-1} in the event. ( total and prev_total fields respectively)
You'll also need to pre-populat the 1st valid value of s, then you can use the above method to 'stream' the previous value of s into the current event to calculate s{t}Thu, 03 Jan 2013 11:11:20 GMTjonuwzAnswer by yannK
https://answers.splunk.com/answering/70631/view.html
To do a cumulative total in a new field, take a look at the function eventstats.
http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/Eventstats
and maybe too at the function predict that may already do what you want.
http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/PredictThu, 03 Jan 2013 03:18:43 GMTyannK