All Apps and Add-ons

How to round search result (Miliseconds)?

Explorer

Hi There,

with Google I already found numerous forum contributions to this topic - but unfortunately none worked.

I want to round a result (avg_ping in miliseconds) to whole numbers.

I tried that:

index="main" source="ping" | timechart latest(avg_ping) by dest | eval avg_ping = round(avg_ping,0)

But the result is unfortunately still not rounded: 21.535

Help is very welcome!

0 Karma

Path Finder

Think that yould help you?

https://answers.splunk.com/answers/667635/how-to-round-a-millisecond-output.html

have to set "eval avgping=round(avgping,0)" to "eval avgping=round(avgping,2)"

0 Karma

Contributor

Add as “as avgping” to your time chart command, or reference the results as 'latest(avgping)'

timechart latest(avg_ping) as avg_ping

or

'latest(avg_ping)' = round('latest(avg_ping)',0)
0 Karma

Explorer

Thank you for your answer.

The query

index="main" source="ping" | timechart latest(avg_ping) by dest 

results in:

_time   server1.net server2.net server3.net
2019-07-12 17:00:00 33.948  65.14   19.13
2019-07-12 17:30:00 22.779  51.48   21.58
2019-07-12 18:00:00 20.194  69.65   17.91

Its not clear for me how to address the field name for rounding.

0 Karma

Champion

Please look at my answer.

0 Karma

Champion

avgping does not exist. Please check the field name in the result of avgping.

 index="main" source="ping" | timechart latest(avg_ping) by dest 

It is easy if you do it first.

 index="main" source="ping" |eval avg_ping=round(avg_ping,0)
| timechart latest(avg_ping) by dest 
0 Karma