Need to create statistics with a 5 minute window
I'm trying to create a stat which gives a RATE for the last 5 minutes whenever you run get_stat.

The code example below runs within an im_msvistalog module. Each of the stats is updated using add_stat('NAME', 1, $EventReceivedTime) in the main Exec block.

The first schedule (re)creates the stats each hour - see below.
The second schedule outputs the stats each minute - see below.

    <Schedule>
        Every 1 hour
        <Exec>
            create_stat('ep1m', 'RATE', 60, now(), 3600);  # Change of count of events in the last 1 MINUTE
            create_stat('ep5m', 'RATE', 300, now(), 3600); # Change of count (i.e. rate) of events in the last 5 MINUTES
        </Exec>
    </Schedule>

    <Schedule>
        Every 1 min
        <Exec>
            log_info(get_stat('ep1m') + ' events collected from Windows Security Event Log in the last 1 minutes');
            log_info(get_stat('ep5m') + ' events collected from Windows Security Event Log in the last 5 minutes');
        </Exec>
    </Schedule>

The stat that gives me a rate per minute is working fine. The stat that gives me a rate per 5 minutes is not working as expected.

    create_stat('ep5m', 'RATE', 300, now(), 3600);

My expectation was that each minute, when I write the log, it would give me the RATE (i.e. change in count) for the last 300 seconds. I expected this value to go up and down each minute when I write the log info output.

Instead it seems to be grouping the statistics into fixed 5 minute windows from the creation of the counter. That is, a RATE for the first 0-5 mins, then a new RATE for the next 5-10 mins, etc.

Is there a way to ensure that when I query the statistics for the last 5 minutes it always gives me the interval between now() and 300 seconds ago?
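
Added illustration (not part of the original post and not NXLog's own code): a small Python model of the two behaviours contrasted in the question, a count kept in fixed windows aligned to the stat's creation time versus a count recomputed over the trailing 300 seconds at every query. The class names, the sample counts and the assumption that a fixed-window stat reports its last completed window are constructed for this example.

```python
from collections import deque

class TumblingRate:
    """Fixed windows aligned to creation time (the behaviour the post reports).
    Assumption: get() returns the count of the last completed window."""
    def __init__(self, interval, created):
        self.interval, self.start = interval, created
        self.current = self.last = 0

    def _roll(self, now):
        while now >= self.start + self.interval:   # close every elapsed window
            self.last, self.current = self.current, 0
            self.start += self.interval

    def add(self, value, ts):
        self._roll(ts)
        self.current += value

    def get(self, now):
        self._roll(now)
        return self.last

class SlidingRate:
    """Count over (now - interval, now], re-evaluated at every query."""
    def __init__(self, interval):
        self.interval, self.events, self.total = interval, deque(), 0

    def add(self, value, ts):
        self.events.append((ts, value))
        self.total += value

    def get(self, now):
        while self.events and self.events[0][0] <= now - self.interval:
            self.total -= self.events.popleft()[1]   # expire events older than the window
        return self.total

def simulate(per_minute, interval=300):
    """Feed per-minute event counts and query both stats at the end of each minute."""
    fixed, sliding, rows = TumblingRate(interval, 0), SlidingRate(interval), []
    for minute, count in enumerate(per_minute):
        ts = minute * 60 + 30                      # constructed: events land mid-minute
        fixed.add(count, ts)
        sliding.add(count, ts)
        now = (minute + 1) * 60
        rows.append((fixed.get(now), sliding.get(now)))
    return rows

# Constructed sample: steady 10 events/min, a burst of 60 in minute 5, then quiet.
SAMPLE = [10, 10, 10, 10, 10, 60, 0, 0, 0, 0, 5, 5]

if __name__ == "__main__":
    for minute, (f, s) in enumerate(simulate(SAMPLE), start=1):
        print(f"t={minute:2d} min  fixed-window={f:3d}  sliding={s:3d}")
```

In this model the burst in minute 5 appears in the sliding count at the very next one-minute query, while the fixed-window count only reflects it once the 5-10 minute window closes.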