Solved: timechart per month even if some months are missin...

claatu · ‎12-18-2017

I have this search:
index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id

This gives me a chart with data in some months, but for months without data, blanks. What I want is the latest value (score) as is seen by any given month, up to that time. And the chart would have the latest 6 months. So given these months and data:

2-2017 : 1
3-2017 : 2
4-2017 : 3
5-2017 : no data
6-2017 : 4
7-2017 : no data
8-2017 : 6
9-2017 : no data
10-2017 : 7
11-2017 : no data
12-2017 : no data

The chart I want to end up with is:
7-2017 : 4
8-2017 : 6
9-2017 : 6
10-2017 : 7
11-2017 : 7
12-2017 : 7

suggestions?

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

View solution in original post

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

claatu · ‎12-19-2017

Perfect! And all too easy...thanks!

timechart per month even if some months are missing data

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

timechart per month even if some months are missing data

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers