Can anyone help me in understanding what the Accumulator value data type can be used for or direct me to any document that explains its use.
According to the product guide:
"If you have custom fields that pull numeric data from a source, accumulator indexing can perform
sums or averages over time on this data. You can accumulate several events together and average
their value or generate a trending value."
That trending value is then used in generating graphs from what I can tell.
This can get complicated and to date I have yet to find any documentation on it.
I figured this out via trial and error in the lab.
Accumulator fields are effectively numerical fields bound to some other field so that you can track how much a particular field has done.
Bytes by IP or packets by Port.
Depending on how you plan to use it there are different ways to take advantage of it.
#1 which is on by default is for for NetFlow data. It allows you all those nifty views with byte and packet value, etc
#2 is in the correlation deviation component. Notice you can only use accumulator fields.
#3 and this is if you really want to get adventuress, you can bind regular event fields to accumulator fields in the database, index section of ESM mgt. (note you can only bind 5 by default)
Let me know if you need any more help.