
Command 'search' can't compare two floating numbers

Explorer

I am writing a saved search to trigger an alert when a difference between values is higher than a threshold. A simplified version of my search is as follows. This threshold is expected to be a floating point number, and Splunk can't do a correct comparison:

| NOOP | stats count|eval var1=2.1|eval var2=2.0|search var1 > var2
==> No results found. Try expanding the time range.

| NOOP | stats count|eval var1=2.1|eval var2=2.0|search var1 < var2
==> count var1 var2
0 2.1 2.0

Did I do something incorrectly?

Thanks


Re: Command 'search' can't compare two floating numbers

Champion

Try this!

| NOOP | stats count|eval var1=2.1|eval var2=2.0|where var1 > var2


Re: Command 'search' can't compare two floating numbers

SplunkTrust

Hi thenhaque,

use where instead of search to compare field values:

| makeresults 
| stats count 
| eval var1=2.1 
| eval var2=2.0
| where var1 < var2

or

| makeresults 
| stats count 
| eval var1=2.1 
| eval var2=2.0
| where var1 > var2

Here is a bit more detail about where vs search commands https://answers.splunk.com/answers/50659/whats-the-difference-between-where-and-search-in-the-pipeli...

Hope this helps ...

cheers, MuS
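
An added example, not part of any reply in this thread: the asker's stated use case (alert when a difference exceeds a floating point threshold) written with where, run over four constructed rows so that only the rows whose difference exceeds the threshold remain. The field names n, current, baseline, threshold and delta and all sample values are assumptions made for illustration; makeresults stands in for the real base search.

```spl
| makeresults count=4
| streamstats count AS n
| eval current=case(n=1, 2.1, n=2, 2.04, n=3, 1.8, n=4, 2.0)
| eval baseline=2.0, threshold=0.05
| eval delta=abs(current - baseline)
| where delta > threshold
| table n current baseline delta threshold
```

In a saved search, the alert condition can then be "number of results is greater than 0", since where has already dropped every row that is within the threshold.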


Re: Command 'search' can't compare two floating numbers

Explorer

Thank you. This works wonderfully.


Re: Command 'search' can't compare two floating numbers

SplunkTrust

Use where instead of search
Try this
| NOOP | stats count|eval var1=2.1|eval var2=2.0| where var1 > var2


Re: Command 'search' can't compare two floating numbers

Explorer

Thanks for all your quick answers. They all work perfectly. I should have posted the question sooner so that I didn't have to spend an hour scratching my head 🙂
