I am trying to figure out how many events are coming in per hour on a given input module named win.
I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?
My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calculated: 3,019
Exec log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);
Every 60 sec
Exec if (file_size('%WINLOG%') >= 2G) \
file_cycle('%WINLOG%', 500); \
Path win => winout, Grid