Solved: timechart per month even if some months are missin...

claatu · ‎12-18-2017

I have this search:
index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id

This gives me a chart with data in some months, but for months without data, blanks. What I want is the latest value (score) as is seen by any given month, up to that time. And the chart would have the latest 6 months. So given these months and data:

2-2017 : 1
3-2017 : 2
4-2017 : 3
5-2017 : no data
6-2017 : 4
7-2017 : no data
8-2017 : 6
9-2017 : no data
10-2017 : 7
11-2017 : no data
12-2017 : no data

The chart I want to end up with is:
7-2017 : 4
8-2017 : 6
9-2017 : 6
10-2017 : 7
11-2017 : 7
12-2017 : 7

suggestions?

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

View solution in original post

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

claatu · ‎12-19-2017

Perfect! And all too easy...thanks!

timechart per month even if some months are missing data

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)