Comments and answers for "Exponential Smoothing Implementation in Splunk"
https://answers.splunk.com/answers/70620/exponential-smoothing-implementation-in-splunk.html
The latest comments and answers for the question "Exponential Smoothing Implementation in Splunk"Answer by jonuwz
https://answers.splunk.com/answering/70669/view.html
The trick here is to make all the data required for the calculation in the current event.
Looking at the formula, it only relies on the previous value of x and the previous value of s.
You can pull the previous value of a field into the current event like this :
... | streamstats window=1 current=f total as prev_total
so now you have access to x{t} and x{t-1} in the event. ( total and prev_total fields respectively)
You'll also need to pre-populat the 1st valid value of s, then you can use the above method to 'stream' the previous value of s into the current event to calculate s{t}Thu, 03 Jan 2013 11:11:20 GMTjonuwzComment by samsplunkd on samsplunkd's answer
https://answers.splunk.com/comments/70641/view.html
Thanks for the reply But my requirement is little different. This formula expects values from previous calculated results so I would like to know if there is a way I can refer to field values separately like arrays as specified in my question above.
s{t}=[alpha * x{t-1}] + [(1-alpha)s{t-1}], t>1Thu, 03 Jan 2013 08:05:20 GMTsamsplunkdAnswer by yannK
https://answers.splunk.com/answering/70631/view.html
To do a cumulative total in a new field, take a look at the function eventstats.
http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/Eventstats
and maybe too at the function predict that may already do what you want.
http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/PredictThu, 03 Jan 2013 03:18:43 GMTyannK