Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to continue with last known value on a simple timechart

ajtalbot1
Engager
‎10-31-2019 11:04 AM

Simple search to look at the battery status on my UPS:

UPS_BATT
| timechart max(UPS_BATT) span=1m

But the UPS_BATT value only comes in every 4~12 hours.

How do I continue with last known value, until real data shows up?

0 Karma
Reply

arjunpkishore5
Motivator
‎10-31-2019 06:10 PM

If I understand your question right, you need to use filldown

UPS_BATT
| timechart max(UPS_BATT) as UPS_BATT  span=1m
| filldown UPS_BATT

Documentation here - https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/Filldown

Hope this helps

Cheers

Reply

arjunpkishore5
Motivator
‎11-01-2019 04:20 AM

Hi @ajtalbot1 Thank you for the Upvote. Could you please mark as answer if this is what you were looking for. Cheers!

0 Karma
Reply

ajtalbot1
Engager
‎10-31-2019 12:18 PM

Pic attached. UPS reached 100%, and it will not provide an update until:
4 hours have gone by
battery status changes

How do I fill in the red section in the graph? Basically just assume the last known value, in this case 100, until real data is provided.
alt text

Preview file
50 KB
0 Karma
Reply

nplamondon
Communicator
‎10-31-2019 12:00 PM

If the problem is that you're seeing the graph go to zero between readings on a line chart, under Format, you'll find a setting for Null Values. Set that to "Connect" and you should see those gaps go away.

If I've misunderstood your issue, please expand your explanation. Screenshots for this sort of thing are helpful, too.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...