All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Jenkins: After adding three values with eval in my search, why is the sum not showing in my results table?

cdgill
Explorer
‎01-29-2018 11:50 AM 
index= "blankforreasons" event_tag=job_event (type=started OR type=completed)  | dedup build_number  | eval job_result=if(type="started", "INPROGRESS", job_result) | convert timeformat="%Y-%m-%d %H:%M:%S" mktime(job_started_at) as epocTime  | eval Duration = if(isnull(job_duration), "", tostring(job_duration,"duration"))| eval total_Duration = job_duration + queue_time + test_summary.duration | table job_name build_number queue_time Duration test_summary.duration total_duration

Above is my current search query. Currently everything shows up perfectly fine except for my total_duration column, which shows no values at all. I assume I am doing the eval addition incorrectly? Any help would be greatly appreciated!

0 Karma
Reply

adonio
Ultra Champion
‎01-31-2018 05:00 AM

hello @cdgill,

try and run the search in verbose mode and look at the icons to the left of the fields: job_duration, queue_time and test_summary.duration as well as other fields that you eval.
check if they are numerical "#" to the left or string "@" to the left.
i assume one (or more) is a string and therefore can not be calculated with arithmetic functions.
if thats the case, use: eval num_field = tonumber(string_field) or other way and then run your last calculation

hope it solves it

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...