oneshot is not sufficient for me.
cat historical.log | replayThrottleScript > /tmp/replay.log
Use a Splunk data monitor to tail follow /tmp/replay.log and write the data to index=replay.
Use a dashboard backed by an (indexed) real-time search.
The Linux pv -L command can throttle the rate to n lines per sec.
You could use a Perl one-liner to filter the historical.log and insert a null character every time the timestamp changes by more than 1 sec. Then apply pv -L.
If you need fastFwd, rewind, 4x 8x 16x, parse the timestamp within Perl/Python, do some calculation with dt and system time.
Case 193187 - "Replay" command
https://wiki.splunk.com/Community:ERs
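One way to write the throttle stage of the pipeline described above, as an added example that is not part of the original post: it paces each event by its timestamp delta (dt) against the system clock, with a speed factor for 4x/8x/16x playback. The script name `replay.py` and the assumption that every event starts with a `YYYY-MM-DDTHH:MM:SS` timestamp are illustrative, and rewind is not covered.

```python
#!/usr/bin/env python3
"""Replay a timestamped log at a chosen speed (added example)."""
import sys
import time
from datetime import datetime

TS_LEN = 19  # assumption: each event starts with "YYYY-MM-DDTHH:MM:SS"
TS_FMT = "%Y-%m-%dT%H:%M:%S"


def parse_ts(line):
    """Return the leading timestamp, or None for continuation lines."""
    try:
        return datetime.strptime(line[:TS_LEN], TS_FMT)
    except ValueError:
        return None


def schedule(lines, speed=1.0):
    """Yield (offset_seconds, line): when each line is due after replay start."""
    if speed <= 0:
        raise ValueError("speed must be positive")
    first = None
    offset = 0.0
    for line in lines:
        ts = parse_ts(line)
        if ts is not None:
            if first is None:
                first = ts
            # dt since the first event, compressed by speed; never go backwards
            offset = max(offset, (ts - first).total_seconds() / speed)
        yield offset, line  # untimestamped lines ride with the previous event


def replay(lines, out, speed=1.0, sleep=time.sleep, clock=time.monotonic):
    """Write lines to out, pacing them against the system clock."""
    start = clock()
    for offset, line in schedule(lines, speed):
        delay = offset - (clock() - start)
        if delay > 0:
            sleep(delay)
        out.write(line)
        out.flush()  # so a tailing monitor sees events as they are emitted


if __name__ == "__main__":
    # usage: cat historical.log | replay.py [speed] > /tmp/replay.log
    replay(sys.stdin, sys.stdout, float(sys.argv[1]) if len(sys.argv) > 1 else 1.0)
```

Because pacing is computed against elapsed wall-clock time rather than per-line sleeps, slow writes do not accumulate drift over a long replay.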