Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to continue with last known value on a simple timechart

ajtalbot1
Engager
‎10-31-2019 11:04 AM

Simple search to look at the battery status on my UPS:

UPS_BATT
| timechart max(UPS_BATT) span=1m

But the UPS_BATT value only comes in every 4~12 hours.

How do I continue with last known value, until real data shows up?

0 Karma
Reply

arjunpkishore5
Motivator
‎10-31-2019 06:10 PM

If I understand your question right, you need to use filldown

UPS_BATT
| timechart max(UPS_BATT) as UPS_BATT  span=1m
| filldown UPS_BATT

Documentation here - https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Filldown

Hope this helps

Cheers

Reply

arjunpkishore5
Motivator
‎11-01-2019 04:20 AM

Hi @ajtalbot1 Thank you for the Upvote. Could you please mark as answer if this is what you were looking for. Cheers!

0 Karma
Reply

ajtalbot1
Engager
‎10-31-2019 12:18 PM

Pic attached. UPS reached 100%, and it will not provide an update until:
4 hours have gone by
battery status changes

How do I fill in the red section in the graph? Basically just assume the last known value, in this case 100, until real data is provided.
alt text

Preview file
1 KB
0 Karma
Reply

nplamondon
Communicator
‎10-31-2019 12:00 PM

If the problem is that you're seeing the graph go to zero between readings on a line chart, under Format, you'll find a setting for Null Values. Set that to "Connect" and you should see those gaps go away.

If I've misunderstood your issue, please expand your explanation. Screenshots for this sort of thing are helpful, too.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...