Solved: timechart per month even if some months are missin...

claatu · ‎12-18-2017

I have this search:
index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id

This gives me a chart with data in some months, but for months without data, blanks. What I want is the latest value (score) as is seen by any given month, up to that time. And the chart would have the latest 6 months. So given these months and data:

2-2017 : 1
3-2017 : 2
4-2017 : 3
5-2017 : no data
6-2017 : 4
7-2017 : no data
8-2017 : 6
9-2017 : no data
10-2017 : 7
11-2017 : no data
12-2017 : no data

The chart I want to end up with is:
7-2017 : 4
8-2017 : 6
9-2017 : 6
10-2017 : 7
11-2017 : 7
12-2017 : 7

suggestions?

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

View solution in original post

somesoni2 · ‎12-18-2017

Try this

index=alpha asset_id=100 | timechart span=1mon latest(score) by asset_id | filldown *

claatu · ‎12-19-2017

Perfect! And all too easy...thanks!

timechart per month even if some months are missing data

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

timechart per month even if some months are missing data

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...