Quantcast
Viewing all articles
Browse latest Browse all 13053

Is it possible to increment values time after time ?

Hi there,

Because of some product limitations on a SMTP server, I need to desactivate snmp polling but I have to keep an eye on the mail queue growth.

The server is sending real time logs to splunk via syslog and I already identified fields to find out if a mail has just been queued, or if it has been delivered from queue. My problem is what I get is the current value, and not the sum of the queue size.

Is there a way to add the new value with previous result (by minute) and graph it in a timechart to get a representative view of the queue size ?

secondarily, I cant get to substract the out value from the IN, here's my code:

| eval queuein=case(stat == "Deferred:", "FILL IN") 
| eval queueout=case(stat == "Sent", "FILL OUT")
| eval queue=queuein-queueout

If anyone could help me with that, I'd really appreciate. Regards, Romain.


Viewing all articles
Browse latest Browse all 13053

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>