I have a report on disk volumes that runs nightly. Recently I have started collecting data for a volume that changes in size as the need for space increases. I would like my report to reflect the stats related to the current volume size and not have multiple entries based upon differing sizes for the same volume.
BASE_HOST | VOLUME | Size | Trend | Smallest | Peak | Current | Average | Last Updated
clt11evfs2 | /iarchive | 5.4T | graph | 96.00 | 98.00 | 98.00 | 97.19 | 12/14/2016 08:35:54
clt11evfs2 | /iarchive | 5.6T | graph | 95.00 | 96.00 | 96.00 | 95.03 | 12/16/2016 09:26:06
(where it says graph it's a sparkline)
As you can see, I get returns for both 5.4T and 5.6T when all I want is the 5.6T.
index=os sourcetype=df filesystem=* Type=nfs* filesystem=*evfs*
| rex field=filesystem "(?<HOST>[^\:]+)\:(?<SHARE>[^$]+)"
| rex field=SHARE "^(?<VOLUME>\/[^\/]+)"
| rex field=Size "^(?\d+)(?\w)"
| lookup dnsLookup ip as HOST
| eval HOST=lower(host)
| eval HOST=lower(HOST)
| fillnull value="nope" HOST
| rex field=HOST "^(?<BASE_HOST>[^.]+)"
| rex field=BASE_HOST mode=sed "s/qa//"
| stats sparkline(avg(PercentUsedSpace),15m) as Trend min(PercentUsedSpace) as Smallest, max(PercentUsedSpace) as Peak, latest(PercentUsedSpace) as Current, avg(PercentUsedSpace) as Average, latest(_time) as "Last Updated" by BASE_HOST, VOLUME, Size
| convert ctime("Last Updated")
| sort -Current
| eval Average=round(Average, 2)
| eval Peak=round(Peak, 2)
| eval Current=round(Current, 2)
| eval Smallest=round(Smallest, 2)
Does latest(Size) as Size in your stats command give you what you want?
stats sparkline(avg(PercentUsedSpace),15m) as Trend min(PercentUsedSpace) as Smallest, max(PercentUsedSpace) as Peak, latest(PercentUsedSpace) as Current, avg(PercentUsedSpace) as Average, latest(_time) as "Last Updated" latest(Size) as Size by BASE_HOST, VOLUME
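
An added example, not part of the original thread: a variant that keeps Size in the by clause but first discards events recorded at an older size, so Smallest, Peak and Average describe only the current size. The sample events are constructed with makeresults (values loosely modelled on the table in the question), and the field names n and CurrentSize are assumptions introduced for this illustration.

```spl
| makeresults count=4
| streamstats count as n
| eval _time=strptime("12/16/2016 09:00:00", "%m/%d/%Y %H:%M:%S") - (4 - n) * 86400
| eval BASE_HOST="clt11evfs2", VOLUME="/iarchive"
| eval Size=if(n<=2, "5.4T", "5.6T")
| eval PercentUsedSpace=case(n=1, 96, n=2, 98, n=3, 95, n=4, 96)
| eventstats latest(Size) as CurrentSize by BASE_HOST, VOLUME
| where Size=CurrentSize
| stats min(PercentUsedSpace) as Smallest, max(PercentUsedSpace) as Peak, latest(PercentUsedSpace) as Current, avg(PercentUsedSpace) as Average, latest(_time) as "Last Updated" by BASE_HOST, VOLUME, Size
| eval Average=round(Average, 2)
| convert ctime("Last Updated")
```

In the real report, the eventstats and where lines go immediately before the existing stats command, and the makeresults and eval lines that build the sample events are dropped.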