Basically I would like to save/store the result to Splunk so that I can use it at a later time for other purposes
Let's assume that I have the following table:
Let's say we are in December 15, if we look at the column December 2015, we can see that it is missing a value because we are in Dec-15, so the results are not available yet.
Let's jump through time and pretend that we are now in January and the value is calculated as "2". This number "2" is calculated based on user input of December 15. I would like to "freeze off" this number and remove the calculation so that this number stays the same as time goes on.
An approach I thought of is to save this number to Splunk somehow (I have not figured this out yet).
Another approach is to save the user input at the time the user types in, and the calculation will be based on this user input for that particular month.
Any help/suggestion is greatly appreciated.
I am trying to create summary index and want to run report schedule every 15 min with 5 min schedule window. Now let say I want to run a from 00:00 to 00:15 and report schedule started at 00:17, how can I configure my time range to get data between 00:00 to 00:15?
Thanks in advance for help!!!
I would use one of the following two options to save your value and then the equivalent input command to read it later on:
There are more but those are by far the easiest ones from my point of view.
Summary indexing is another possibility: http://docs.splunk.com/Documentation/Splunk/6.3.2/Knowledge/Usesummaryindexing