Re: Splunk App for Jenkins: After adding three val...

cdgill · ‎01-29-2018

index= "blankforreasons" event_tag=job_event (type=started OR type=completed)  | dedup build_number  | eval job_result=if(type="started", "INPROGRESS", job_result) | convert timeformat="%Y-%m-%d %H:%M:%S" mktime(job_started_at) as epocTime  | eval Duration = if(isnull(job_duration), "", tostring(job_duration,"duration"))| eval total_Duration = job_duration + queue_time + test_summary.duration | table job_name build_number queue_time Duration test_summary.duration total_duration

Above is my current search query. Currently everything shows up perfectly fine except for my total_duration column, which shows no values at all. I assume I am doing the eval addition incorrectly? Any help would be greatly appreciated!

adonio · ‎01-31-2018

hello @cdgill,

try and run the search in verbose mode and look at the icons to the left of the fields: job_duration, queue_time and test_summary.duration as well as other fields that you eval.
check if they are numerical "#" to the left or string "@" to the left.
i assume one (or more) is a string and therefore can not be calculated with arithmetic functions.
if thats the case, use: eval num_field = tonumber(string_field) or other way and then run your last calculation

hope it solves it

Splunk App for Jenkins: After adding three values with eval in my search, why is the sum not showing in my results table?

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...