Quick question

[Craig Merchant]

Is it possible to feed ra tools a comma-separated list of files to use or is it limited to either a single file or recursing through an entire directory structure?

We are eventually going to build a GUI front-end to Argus in Splunk.  Given the volume of data we're dealing with, I don't want Argus to recurse through days/weeks of flow data if the search is only spanning a few minutes or hours.  If I put the epoch time value in the file name, it should be pretty trivial to generate the list of files that span the time period I want to search.

If that isn't supported, it would be great if rasplit or rabins could invoke ratimerange each time they write a file to some kind of index file that other ra clients could point to so that when recursing through the directory structure, they only open files that contain records within the specified time range.

Thanks.

C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130114/73c5265d/attachment.html>