Hi,
I'm trying to follow the disk usage as gather by the *NIX app. I think the most appropriate timechart function would be `latest()` since neither `max()` nor `min()` are quite what I need. However, I've noticed the weirdness that `latest()` doesn't display any values in the visualisation *when used on its own.* BUT, if I also include `max()`, then both values will be shown.
Works (draws graphs for both values):
index=os host=foo OR host=bar sourcetype=df|eval hostmount=host+":"+MountedOn | timechart span=1h max(UsePct), latest(UsePct) by hostmount
Doesn't work (no graph is drawn):
index=os host=foo OR host=bar sourcetype=df|eval hostmount=host+":"+MountedOn | timechart span=1h latest(UsePct) by hostmount
I've noticed that it also works if I use `latest()` in combination with any other statistical function, such as `median()`, `avg()`, `min()`, etc. But it just doesn't work on its own. I'm using Splunk 6.2.4. Is this a bug or just something I'm not getting?
↧