Timechart how to keep latest value

d_rech67 · ‎02-11-2021

I'm getting in my splunk database a set of data coming from 8 sensors
Those 8 sensor work in a consecutive sequence
That means that when I get the info only 1 of the 8 set of data is updated

Currently my timechart shows only the last set of data all the others are 0 (zero)

index="morfi" | timechart bins=100 cont=false last(S3_F_Lp)

In the bellow image each column represent one sensor set of data

Thanks for your help

d_rech67 · ‎02-14-2021

Thnks for coming back to me.

Average:
No in fact we want to have each column showing one sensor, what we already have.

what we don't have and would like to have is to see the latest result (<> 0) of each sensor and not only the one of the last sensor that has sent data.

What is happening currently is that the value of sensor S(i) value drop to zero as soon as the data S(i+1) is loaded.
We would like to keep the last value of each sensor.

index="morfi" | timechart bins=100 cont=false last(S1_F_Lp)

On an other dashboards we are getting this OK with a different display type
| stats latest(S1_F_Lp) as " S1_F_Lpmm", latest(S2_F_Lp) as "S2_F_Lpmm", latest(S3_F_Lp) as "S3_F_Lpmm", latest(S4_F_Lp) as "S4_F_Lpmm", latest(S5_F_Lp) as "S5_F_Lpmm", latest(S6_F_Lp) as "S6_F_Lpmm", latest(S7_F_Lp) as "S7_F_Lpmm", latest(S8_F_Lp) as "S8_F_Lpmm"

lydiapal_splunk · ‎02-13-2021

Could you send a sample of your data to understand your question better? And what are you looking to show - average across the 8 sensors or?

Timechart how to keep latest value

timechart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms