I'm wanting to set up a scheduled search which generates some stats and sends them to a webhook...ideally I would like it to be as near to realtime as possible. If I configure it as a "Real Time" scheduled search it appears to run once per minute, which is great....however it won't let me set the time range for the search to anything shorter than 5 minutes (why??)....so I would always have 4 minutes of duplicated data. But ok fine, if I accept the minimum 5 minute window, can I run the search every 5 minutes? Nope...other than realtime the minimum run frequency is every 15 minutes (also, why?), even when using the cron config. It seems the best I can do is a 15 minute frequency, with a TimeRange of "-20m to -5m" (to allow for 5mins of ingress latency)....which means my generated stats are quite chunky and potentially 20mins old when I get them, which isn't terribly ideal. Is there something I'm missing here? is there a better way to do this? Thanks!
Please sign in to leave a comment.