Hello, I am trying to build an application dealing with statistics with Splunk. However, I can't find the right way to do so. Every 15 mn 1 get an event from which I can extract several values. let's call them val1, val 2 ... valN. What I would like to do is to create a table containing the variance V1 of all past values of val1 in column1 ; variance V2 of all past values of val2 in column2 ; ... ; variance VN of all past values of valN in columnN I need to store this table somehow in Splunk, so that I can search it. Of course this table would be updated evey 15 mn as new events are used to compute the variances. Could you tell me how to proceed to do such thing? That would be very helpfull. Thanks in advvance, Olivier ... View more

hello, I am trying to retreive timestamp from filename. I have files named like "disco_20120531.txt" with content looking like: "net0 family 'Web' application 'videosurf' path 'base.eth.8021q.ip.gre.ppp.ip.tcp.http.videosurf' rate 0 totbytes 25664 nb_packet 231 nb_uapp_cnx 25" I try to set timestamp from filename "disco_20120531.txt" to 31/05/2012 However I couldn't make it. My app props.conf : [source::/root/data/disco/daily/*] NO_BINARY_CHECK = 1 SHOULD_LINEMERGE = false pulldown_type = 1 TIME_PREFIX = disco_ TIME_FORMAT = %Y%m%d This config works if the filename is added to the file content, but otherwise not. Time stamp is not found and splunk uses file mod time instead. Does anyone has got an idea what's wrong? Thanks in advance, Olivier ... View more