All Apps and Add-ons

How to round search result (Miliseconds)?

tobi2k
Explorer

Hi There,

with Google I already found numerous forum contributions to this topic - but unfortunately none worked.

I want to round a result (avg_ping in miliseconds) to whole numbers.

I tried that:

index="main" source="ping" | timechart latest(avg_ping) by dest | eval avg_ping = round(avg_ping,0)

But the result is unfortunately still not rounded: 21.535

Help is very welcome!

0 Karma

pgerke_cc
Explorer

Think that yould help you?

https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html

have to set "eval avg_ping=round(avg_ping,0)" to "eval avg_ping=round(avg_ping,2)"

0 Karma

vbumgarner
Contributor

Add as “as avg_ping” to your time chart command, or reference the results as 'latest(avg_ping)'

timechart latest(avg_ping) as avg_ping

or

'latest(avg_ping)' = round('latest(avg_ping)',0)
0 Karma

tobi2k
Explorer

Thank you for your answer.

The query

index="main" source="ping" | timechart latest(avg_ping) by dest 

results in:

_time   server1.net server2.net server3.net
2019-07-12 17:00:00 33.948  65.14   19.13
2019-07-12 17:30:00 22.779  51.48   21.58
2019-07-12 18:00:00 20.194  69.65   17.91

Its not clear for me how to address the field name for rounding.

0 Karma

HiroshiSatoh
Champion

Please look at my answer.

0 Karma

HiroshiSatoh
Champion

avg_ping does not exist. Please check the field name in the result of avg_ping.

 index="main" source="ping" | timechart latest(avg_ping) by dest 

It is easy if you do it first.

 index="main" source="ping" |eval avg_ping=round(avg_ping,0)
| timechart latest(avg_ping) by dest 
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...