Hi,

Currently I am trying to set up a summary indexing , so there will be three summary indexes for each service
1. Summary index for per day
2. Summary index for per hour
3. Summary index for per minute

I have set up a plan how I can go ahead with "day" and "hour" as follows :

DAY : index="XXXX" source="XXXXXXXXX" earliest=-1d@d latest=-0d@d | bucket _time span=1day | sistats count avg(XX) max(XX) min(XX) by _time, A,B,C,D,E

cron : 00 01 * * *

I am running on the last 1 day data on each day at 01:00 clock in the morning

HOUR : index="XXXXX" source="XXXXXXXX" earliest=-1h@h latest=-0h@h | bucket _time span=1h | sistats count avg(XX) max(XX) min(XX) by _time, A,B,C,D,E

cron= 10 * * * *

so the cron is each hour 10 minutes my search will run for the last one hour

I am not able to find the solution for PER MINUTE data, how should I make my search and how to set up cron effectively. Mainly I need to set up a search that fits the following requirements:
o Search for data between 10:20 and 10:30
o Execute this search by cron at 10:35, for example
o Use 1 minute spanning in the search
o Extend this example to cover a complete hour instead of 10:20 to 10:30

Please help me asap , your help is very much appreciated !!

Thanks in advance !!