Is it possible for Analysis to report last relevant value?

I’ve got a unique analysis scenario I’m hoping someone may have know how to help. I’m analyzing a log that frequently gets overwritten over time. Endpoints typically have what I need in the morning as users log in, but later in the afternoon the logs get overwritten and the data from earlier in the day is lost. I’ve confirmed log retention is enabled for the service that is writing to it, but there are some other triggers outside my control which causes it to be overwritten.

I initially set it to an hourly period and used an “if exist” condition in the property expression so those logs with the missing data at least wouldn’t error out, but I still lose the required data as the day progressed. Then I tried to add relevance to the analysis itself so it would only evaluate the property if the data I’m looking for in the log exists. I was hoping it would only update that property when it exists and leave the last reported value as is, but unfortunately that just changes the value to “Not Relevant”.

Ideally I’d like to have the analysis only update the property if relevant, or otherwise it just reports the last relevant value, but I’m thinking that’s not possible. Can anyone confirm or provide any alternatives?

You are correct. Property will always evaluate on the desired frequency, can’t make it conditional re-evaluation. The only alternative that you have is to write yourself a quick “evaluation” fixlet, which will run only if your criteria is matched and create a copy of the data, and respectively if your data copy is not the same as the original. Once you have the data copy which you can control, you can create a property that picks the data from it.

That’s a good idea; I’ve done something similar by outputing commands to a text file, then having an analysis reads the file I created.

I’m not sure if I’ll continue with this method as I may not need these logs after all, but I’m sure it would work.

Thanks @ageorgiev