One way to solve it would be to force certain values depending upon conditions:
| makeresults
| eval data="2019-04-06:12:01:00 200;
2019-04-06:12:02:00 205;
2019-04-06:12:03:00 210;
2019-04-06:12:04:00 203;
2019-04-06:12:05:00 204;
2019-04-06:12:06:00 9000;
2019-04-06:12:07:00 0;
2019-04-06:12:08:00 0;
2019-04-06:12:09:00 200"
| makemv data delim=";"
| mvexpand data
| rex field=data "(\s|\n?)(?<data>.*)"
| makemv data delim=" "
| eval _time=strptime(mvindex(data,0),"%Y-%m-%d:%H:%M:%S"),val=mvindex(data,1)
| autoregress val p=1
| eval newval=if(val-val_p1>100 AND val_p1>0,0,val)
| fields _time newval
This solution creates dummy time series data for illustration purposes.
It uses autoregress to allow comparisons with nearby rows. You'll have to find the right threshold (I chose 100) to trigger it to assign zero. You can expose the underlying fields by removing the last line. Try using autoregress with p=1-2 or p=1-3 to fine tune the amount of lookback, depending on the shape of your data.
You can also look for a ratio over a certain comfort level:
| autoregress val p=1
| eval ratio=abs(val/val_p1)
| eval newval=if(ratio>10,0,val)
... View more