Archive

Easy way to convert bits into bytes and kb

Communicator

one of the values in my log is sent and received I believe it's bytes. I would like to display those as Kb and Mb. Using commas would also be great. Is there any easy way to tell splunk to do this?

here is my sample log:

Jun 24 16:22:55 10.0.59.59 id=firewall sn=0017C569F354 time="2013-06-24 16:22:55" fw=10.0.59.59 pri=6 c=1024 m=537 msg="Connection Closed" app=49176 sess=Web n=3641361 usr="admin" src=10.103.62.80:32826:X1 dst=10.0.59.59:80:X1 proto=tcp/http sent=716 rcvd=472

near the end you see: sent=716 and rcvd=472. I would like to display those like

Sent: 716 bytes
Received: 472 bytes
If they were larger like this log

Jun 24 16:22:53 10.0.59.59 id=firewall sn=0017C569F354 time="2013-06-24 16:22:53" fw=10.0.59.59 pri=6 c=1024 m=537 msg="Connection Closed" app=49176 sess=Web n=3641359 usr="admin" src=10.103.62.80:32825:X1 dst=10.0.59.59:80:X1 proto=tcp/http sent=791 rcvd=3742

then it would be:
sent: 791 bytes
received: 3.6 Kb

Tags (2)

Ultra Champion

I would use something like - eval bytes = round(bytes/1024/1024,2) | rename bytes as "total(MB)". For something like this, we can use a search macro - http://docs.splunk.com/Documentation/Splunk/6.0.4/Search/Usesearchmacros.

0 Karma

Explorer

I wrote a Splunk app, "Humanize", to help with this situation: https://splunkbase.splunk.com/app/3104/

My app will convert a number in bytes to a human-friendly representation - KB, MB, GB, etc.

Please let me know if you have any feedback so I can improve the app!

0 Karma

Path Finder

Your App is not visible in Splunkbase.

0 Karma

Explorer

Ahh, thanks for letting me know. I emailed support and they just released it.

0 Karma

Communicator

One way to do it is with the eval command.

...|eval kb_rcvd=(rcvd/1024)

However, this would not scale with MB, etc. If the values are usally in the bytes/KB it might be worth a shot.

0 Karma

Builder

in order to have commas:

fieldformat AVG=tostring(AVG,"commas") 

in order to be showing Kb or bytes or any other you will need to play with eval and case to have your condition sentences. It all should work nice and pretty

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!