I'm trying to create a stat which gives a RATE for the last 5 minutes whenever you run get_stat.

  • The code example below runs within an im_msvistalog module
  • Each of the stats is updated using add_stat('NAME', 1, $EventReceivedTime) in the main Exec block.
  • The first schedule (re)creates the stats each hour - see below
  • The second schedule outputs the stats each minute - see below
<Schedule>
    Every           1 hour
    <Exec>
        create_stat('ep1m', 'RATE', 60, now(), 3600);  # Change of count of events in the last 1 MINUTE
        create_stat('ep5m', 'RATE', 300, now(), 3600); # Change of count (i.e. rate) of events in the last 5 MINUTES
    </Exec>
</Schedule>
<Schedule>
    Every           1 min
    <Exec>
        log_info(get_stat('ep1m') + ' events collected from Windows Security Event Log in the last 1 minutes');
        log_info(get_stat('ep5m') + ' events collected from Windows Security Event Log in the last 5 minutes');
    </Exec>
</Schedule>
  • The stat that gives me a rate per minute is working fine.
  • The stat that gives me a rate per 5 minutes is not working as expected.
create_stat('ep5m', 'RATE', 300, now(), 3600);

My expectation was that each minute, when I write the log, it would give me the RATE (i.e. change in count) for the last 300 seconds. I expected this value to go up and down each minute when I write the log info output. Instead it seems to be grouping the statistics into fixed 5 minute windows from the creation of the counter. That is, a RATE for the first 0-5 mins, then a new RATE for the next 5-10 mins, etc.

Is there a way to ensure that when I query the statistics for the last 5 minutes it always gives me the interval between now() and 300 seconds ago?

Asked July 22, 2022 - 4:04pm
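The difference between the two behaviours in the question, as an added example that is not part of the original post and is not NXLog code: a counter that reports fixed 5-minute windows anchored at creation time (a model of what the post describes seeing) beside a counter that always covers the 300 seconds before the query. The class names, the `compare` helper and the event timestamps are constructed for illustration, and timestamps are assumed to arrive in non-decreasing order.

```python
from collections import deque

class TumblingRate:
    """Fixed windows anchored at creation time; reports the last completed window."""
    def __init__(self, interval, created):
        self.interval, self.created = interval, created
        self.window, self.count, self.last = 0, 0, 0

    def _roll(self, now):
        idx = (now - self.created) // self.interval
        if idx != self.window:
            # Only the window that just closed can carry a count; skipped ones are empty.
            self.last = self.count if idx == self.window + 1 else 0
            self.window, self.count = idx, 0

    def add(self, value, ts):
        self._roll(ts)
        self.count += value

    def get(self, now):
        self._roll(now)
        return self.last

class SlidingRate:
    """Always covers the half-open span (now - interval, now]."""
    def __init__(self, interval):
        self.interval, self.events, self.total = interval, deque(), 0

    def add(self, value, ts):
        self.events.append((ts, value))
        self.total += value

    def get(self, now):
        # Evict everything that has aged out of the trailing interval.
        while self.events and self.events[0][0] <= now - self.interval:
            self.total -= self.events.popleft()[1]
        return self.total

def compare(event_times, query_times, interval=300, created=0):
    """Feed both counters the same events and query them at the same times."""
    tumbling, sliding = TumblingRate(interval, created), SlidingRate(interval)
    pending, rows = deque(sorted(event_times)), []
    for now in sorted(query_times):
        while pending and pending[0] <= now:
            ts = pending.popleft()
            tumbling.add(1, ts)
            sliding.add(1, ts)
        rows.append((now, tumbling.get(now), sliding.get(now)))
    return rows

# Constructed input: one event every 10 s for 5 minutes, then silence; query every minute.
EVENTS, QUERIES = range(0, 300, 10), range(60, 601, 60)
if __name__ == "__main__":
    for now, fixed, trailing in compare(EVENTS, QUERIES):
        print(f"t={now:>3}s  fixed-window={fixed:>2}  last-300s={trailing:>2}")
```

With this input the fixed-window value stays flat for five consecutive queries and then drops, while the trailing value changes on every query, which is the behaviour the question is asking for.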

Answers (0)