Hi,

I'm working with the Splunk Infrastructure Monitoring Add-on, collecting information from Splunk Observability Suite (aka SignalFX) on ITSI, using the "sim flow". I'm trying to build KPI Base searches using this command and the information that the add-on is collecting.

When I execute the following query:

| sim flow query="data('cpu.utilization', filter=filter('host', '*')).publish()"

From the events of this result, some of the events related to X hosts have a variable AWSUniqueId that I'd like to obtain. For other hosts this variable doesn't exist and so, it doesn't appear in the event.

Therefore, I've tried with the following simple query:
| sim flow query="data('cpu.utilization', filter=filter('host', '*')).publish()"
| chart values(AWSUniqueId) as AWSUniqueId by host

But sometimes I receive all the information (with the correlation of the values), and other times it just shows all the column of AWSUniqueId with empty values, even though if I check on the events the parameter is there. It looks strange since if I just execute the query sometimes it gives the results and other times don't. Has anybody faced this same issue? Could it be a bug on the add-on? Or is not allow what I'm trying to build with this data?

Thanks in advance!

Best Regards,
Raquel