This example demonstrates how someone can upload timestamps and automate the collection of data from NTerminal with Splunk Enterprise.
Random timestamps are taken.
timestamps are numbered and in
The .csv file is uploaded to Splunk (via Settings > Lookups > "+Add New" under "Lookup table files").
| inputlookup example_timestamp.csv into the search head
The following search will filter for trade events (using the index=financial sourcetype=ohlcv data source) meeting the financial specifications.
It then pulls the uploaded timestamp file, converts the "%Y-%m-%dT%H:%M:%S.%Q" format into Unix Epoch time and rounds to the whole number. Candlestick events are then limited to those with a _time value matching one of those timestamps.
index=financial sourcetype=ohlcv symbol=BTC market_venue IN (COINBASE, KRAKEN, BITSTAMP, COINBASE, GEMINI, BINANCE, HITBTC, COINBENE) base IN (USD, PAX, USDT) ([| inputlookup example_timestamp.csv | eval timestamp=strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%Q"), timestamp = mvindex(split(timestamp, "."), 0), timestamp = "_time=".timestamp | stats values(timestamp) as times | eval times = mvjoin(times, " OR ") | return $times]) | fields _time close market_venue | stats latest(close) as usd_price by market_venue _time
The close price at each timestamp is returned per market_venue. Below are the results for our example dataset.
These results can then be exported by following the instructions on the "Export Data" page.
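Before uploading the lookup, it helps to check that every row parses and to see the filter string the subsearch will hand to the outer search. The following Python sketch is an added example, not part of the original page: the `number` column, the sample values, and the UTC assumption are constructed for illustration, and only the `timestamp` column name and the time format come from the search above.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of a lookup file; only the "timestamp" column name comes
# from the search above, the "number" column and all values are made up.
SAMPLE_CSV = """number,timestamp
1,2020-03-12T10:15:30.250
2,2020-03-12T10:15:30.900
3,2020-05-11T19:23:00.000
4,2020-13-01T00:00:00.000
"""

FMT = "%Y-%m-%dT%H:%M:%S.%f"  # Python's %f stands in for Splunk's %Q


def load_epochs(csv_text):
    """Return (sorted unique whole-second epochs, rejected rows)."""
    epochs, rejected = set(), []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        raw = (row.get("timestamp") or "").strip()
        try:
            # Assumption: the timestamps are UTC. Match this to the timezone
            # your Splunk search applies to strings that carry no offset.
            parsed = datetime.strptime(raw, FMT).replace(tzinfo=timezone.utc)
        except ValueError:
            rejected.append((line_no, raw))
            continue
        # Same effect as mvindex(split(timestamp, "."), 0): drop the fraction.
        epochs.add(int(parsed.timestamp()))
    return sorted(epochs), rejected


def time_filter(epochs):
    """Build the string the subsearch hands back to the outer search."""
    return " OR ".join(f"_time={e}" for e in epochs)


if __name__ == "__main__":
    good, bad = load_epochs(SAMPLE_CSV)
    print(time_filter(good))
    for line_no, raw in bad:
        print(f"line {line_no}: cannot parse {raw!r}")
```

Rows that share a whole second collapse into one `_time` term, and a row that fails to parse is reported with its line number in the file so it can be corrected before upload.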