How to carry forward values of a field to next eve...

achoudhary1 · ‎11-09-2018

My goal is to see the availability of NSG devices in percentage. Each NSG is connected to 4 VSCs. If connection to :
All VSC are UP ------- Availability - 100%
1 ----VSCs goes down - Availability - 75%
2nd VSCs goes down - Availability - 50%
3rd VSCs goes down - Availability - 25%
4th VSCs goes down - Availability - 0%
Here is an example :
My Data:
Time ----VSC --------Status------------Availability------Comment
Time1 ---VSC1 ------Connected- -----100%--------------All-VSCs-connected
Time2 ---VSC1 ------Lost ------------------75% -------------1-VSC-disconnected
Time3 ---VSC2 ------Connected---------75% -------------Still-only-1-VSC-is-disconnected
Time5 ---VSC2 ------Lost ------------------50% -------------2nd-VSC-got-disconnected
Time6 ---VSC2 ------Connected---------75% -------------2nd VSC got connected back so-only-VSC1-is-disconnected
Time7 ---VSC2 ------Lost ------------------50% -------------2nd-VSC-got-disconnected
Time8 ---VSC1 ------Connected---------75% -------------1st-VSC-got-connected,-so-now-only-1-VSC-disconnected
Time9 ---VSC3 ------Lost------------------50% -------------another-lost
Time10 ---VSC4 ------Lost -----------------25% -------------another-lost
Time11 ---VSC1 ------Lost -----------------0% -------------all-down
Time12 ---VSC1 ------Connected--------25% ------------1-connected
Time13 VSC3 -------Connected--------50%------- ------another-connected

This chart is for single NSG device. My first priority is to do this for single NSG and once its done I want to implement the same logic of multiple NSGs using a single query.

How to carry forward values of a field to next event till it changes?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7