In a previous month, our AWS billing feed received 31 cost adjustment records. The 2 searches on that dashboard (monthly-cost-by-account and monthly-cost-by-service) adds all the cost events for that given month thus distorting the total cost. The actual cost was received in the last event. The search string for each of the dashboard displays is as follows

`aws-billing-monthly($cAccountId$, $cCurrency$)` RecordType=AccountTotal  | timechart span=1mon eval(round(sum(TotalCost),2)) as TotalCost by LinkedAccount limit=20 | eval nowstring=strftime(now(), "%Y-%m")  | eval timestring=strftime(_time, "%Y-%m") |  where NOT timestring=nowstring | fields - nowstring timestring

`aws-billing-monthly($cAccountId$, $cCurrency$)` RecordType=LinkedLineItem | timechart span=1mon eval(round(sum(TotalCost),2)) as TotalCost by ProductName limit=20 | eval nowstring=strftime(now(), "%Y-%m") | eval timestring=strftime(_time, "%Y-%m") | where NOT timestring=nowstring | fields - nowstring timestring

The search strings above are only expecting 1 record for a given month.

So, my question(s) is how to proceed - can the 2 searches be modified to handle multiple cost adjustments records received in a given month using the last one as the final cost? Should I attempt to delete the 30 records that do not reflect the true/final cost ot that month? The search strings above are only expecting 1 record for a given month.