Splunk Search

table of intermediary results

olivier_romain
Engager

Hello,

I am trying to build an application dealing with statistics with Splunk. However, I can't find the right way to do so.

Every 15 min I get an event from which I can extract several values. Let's call them val1, val2 ... valN.

What I would like to do is to create a table containing the variance V1 of all past values of val1 in column1; variance V2 of all past values of val2 in column2; ... ; variance VN of all past values of valN in columnN.

I need to store this table somehow in Splunk, so that I can search it. Of course this table would be updated every 15 min as new events are used to compute the variances.

Could you tell me how to proceed to do such a thing?

That would be very helpful.

Thanks in advance,

Olivier


sbrant_splunk
Splunk Employee

Hi there-

I'm not sure what you've tried already but you have several options:

  1. You can utilize Splunk's lookup functionality by:
    a. Writing the data you want to save out to a CSV file, using the outputlookup command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Outputlookup
    b. Reading the data back in from the file using the inputlookup command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Inputlookup

  2. Schedule the search that you've created, to extract your values, and choose to write them to a summary index. You can then search that summary index for the relevant values.

Although option 2 is valid, it may be overkill, depending on how you want to manage your data. I would start out with the first option and see if that does what you need it to.

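One way to put option 1 into practice is a scheduled saved search that recomputes the variances over all past events every 15 minutes and overwrites a lookup CSV with outputlookup; this is an added example, not code from the original answer. The index name stats_app, the sourcetype sensor_event, the three fields val1..val3 and the lookup file name variances.csv are assumptions.

```ini
# savedsearches.conf in the app's local/ directory (added example, not from the original answer).
# Assumed names: index=stats_app, sourcetype=sensor_event, fields val1..val3, lookup file variances.csv.

[recompute_variances]
# Run every 15 minutes, matching the arrival rate of the events.
enableSched = 1
cron_schedule = */15 * * * *
# Cover the whole history so each run computes the variance over all past values.
dispatch.earliest_time = 0
dispatch.latest_time = now
# var() is the sample-variance stats function. outputlookup overwrites the CSV on every run,
# so the lookup always holds exactly one current row; computed_at records when it was written
# and n lets a reader judge how many events the variances are based on.
search = index=stats_app sourcetype=sensor_event \
  | stats var(val1) AS V1 var(val2) AS V2 var(val3) AS V3 count AS n \
  | eval computed_at=strftime(now(), "%Y-%m-%dT%H:%M:%S") \
  | outputlookup variances.csv

# Reading the table back, for example from a dashboard panel or an ad-hoc search:
#   | inputlookup variances.csv | table computed_at n V1 V2 V3
```

If a history of the table is wanted rather than only the latest row, write to a second file with `outputlookup append=true variances_history.csv` so each run adds a row instead of replacing the file.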