Hi There,
with Google I already found numerous forum contributions to this topic - but unfortunately none worked.
I want to round a result (avg_ping in miliseconds) to whole numbers.
I tried that:
index="main" source="ping" | timechart latest(avg_ping) by dest | eval avg_ping = round(avg_ping,0)
But the result is unfortunately still not rounded: 21.535
Help is very welcome!
Think that yould help you?
https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html
have to set "eval avg_ping=round(avg_ping,0)" to "eval avg_ping=round(avg_ping,2)"
Add as “as avg_ping” to your time chart command, or reference the results as 'latest(avg_ping)'
timechart latest(avg_ping) as avg_ping
or
'latest(avg_ping)' = round('latest(avg_ping)',0)
Thank you for your answer.
The query
index="main" source="ping" | timechart latest(avg_ping) by dest
results in:
_time server1.net server2.net server3.net
2019-07-12 17:00:00 33.948 65.14 19.13
2019-07-12 17:30:00 22.779 51.48 21.58
2019-07-12 18:00:00 20.194 69.65 17.91
Its not clear for me how to address the field name for rounding.
Please look at my answer.
avg_ping does not exist. Please check the field name in the result of avg_ping.
index="main" source="ping" | timechart latest(avg_ping) by dest
It is easy if you do it first.
index="main" source="ping" |eval avg_ping=round(avg_ping,0)
| timechart latest(avg_ping) by dest