Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating Incremental Summaries Using Report Acceleration

milanparmar541
Explorer
‎10-27-2020 11:55 AM

Hi everyone,

I am trying to accelerating one savedsearch "index=main |stats count by type,severity". Now I want an accelerated summary of "All time" data for the first time only and later, every 10minutes I want to collect an incremental summary of the last 10minutes data on top of the "All time" accelerated summary. Is there any way to achieve this?

Note: I've come across to know the auto_summarize.dispatch.earliest_time parameter which seems directly bound to "Summary range". If I keep earliest_time to -10min(Because auto_summarize.cron_schedule parameter is set to */10 * * * *) then my summary range is also changing from "Alltime" to "1 Day".

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...