Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Identify which power meter reading has stopped increasing for 5 days

splunk_rookie
Engager
‎03-30-2021 02:23 AM

Hi, I am trying to identify which power meter reading has stopped increasing for 5 days. 

As these power values are accumulated, I assumed that they are always in sequential order with respect to time. Therefore, I sorted the data by ASSET_NAME and _time to get the latest value. Then I took the difference between the latest value for every 5 days. So if the difference is 0, it means that there is no power increment.

Do you think that this logic flow is correct? Below is my code:

 

| bucket _time span=5d

| sort 0 ASSET_NAME _time

| stats latest(VALUE) as latestValue by ASSET_NAME _time

| delta latestValue as difference

| search difference = 0

 

Also, let's say the power values are not in sequential order due to some issue, how can I accurately identify the  power meter that has stopped increasing?

Please help. Thank you! 🙂

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎03-30-2021 03:10 AM

Rather than latest, how about using max()?

0 Karma
Reply

splunk_rookie
Engager
‎03-31-2021 08:27 AM

I get the same result as using latest ()

Anyway, I came up with another solution. First I sorted by ASSET_NAME and _time, then I used delta to find the power difference between each consecutive events. Next i used delta again to find the duration between the two events. Lastly I searched for power difference = 0 and duration > 432000 sec (5days). 

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...