Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Delayed/Offset Datamodel Acceleration

bkeif
Path Finder
‎04-20-2020 01:54 PM

I have a large set of data that comes in to splunk regularly but on couple days delay. It needs to be accelerated to be usable in our environment but I think If I wanted a 7 day datamodel I would need some way to tell the datamodel to start accelerating at -3d and go back 7 days from there to give the data some time to get in instead of starting now and going back 7 days as data will never be in "now".

Any thoughts / suggestions other than just making a summary index manually?

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...