Solved: Re: How to search for the the last data point in a...

minkyuk · ‎06-30-2015

In a given graph, say,

[|inputlookup capacityQuarterOne.csv] in which I have a big table of [ host / used_mb ] for every different host.

The search runs for past x # of days (7 days, 30 days, 1 quarter, etc.).

How could I find the LAST point in the graph (final point) for each host in the table?
I just want to make sure it's less than max threshold cap, so I want to report the final point for every host in the graph.

I would highly appreciate any input from you Splucktians,

Thank you in advance,
Jack

woodcock · ‎06-30-2015

Like this:

... | dedup host

View solution in original post

woodcock · ‎06-30-2015

Like this:

... | dedup host

minkyuk · ‎06-30-2015

Isn't dedup just omitting duplicating elements?

woodcock · ‎06-30-2015

It works by keeping the latest example of the deduped fields. It does exactly what you are desiring: keep the most recent event for each host.

How to search for the the last data point in a graph for each host in a table?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

How to search for the the last data point in a graph for each host in a table?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR