Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to convert String values into factor variable?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-18-2018
06:18 AM
I have string fields; an example is "URL".
I want it to convert it to numeric / factor variable to perform statistical calculation.
Example:
Field URL contains values like
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Blunk.com/
https://answers.Aplunk.com/
https://answers.Bplunk.com/
https://answers.Bplunk.com/
https://answers.Cplunk.com/
It should be converted into 1, 2, 2, 1, 2, 2, 3
(All the 1's are same type of string, 2's are same type string, and same goes with 3)
I hope I explain it correctly.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damien_chillet
Builder
04-18-2018
06:45 AM
| table <your_field>
| sort <your_field>
| streamstats dc(<your_field>) as num
Where is the field containing url
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damien_chillet
Builder
04-18-2018
06:45 AM
| table <your_field>
| sort <your_field>
| streamstats dc(<your_field>) as num
Where is the field containing url
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
04-18-2018
06:40 AM
Why would you need to convert the URL to a numeric value to be able to perform statistical calculations?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-18-2018
06:42 AM
I want to know how many times that specific http request is requested and what were the corresponding response times for all those requests ... and some similar other calculation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
04-18-2018
07:08 AM
But that can simply be done by | stats count by url right? No need to convert it to a number first.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-18-2018
07:38 AM
Thanks Frank. Your suggestion serves the purpose. In @damien_chillet 's suggestion I am able to see the urls and I can add another value next to it , like response time.
Example : If xxx.yyy.zzz is called 4 times , then how much time it took to respond in all those four calls separately. I am able to see it easily.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damien_chillet
Builder
04-18-2018
06:30 AM
Not sure that will work with your use case, but could you try add the following to your search
| sort <your_field>
| streamstats dc(<your_field>) as num
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-18-2018
07:11 AM
@damien_chillet
As it appears, You Sir have solved my problem.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damien_chillet
Builder
04-18-2018
07:14 AM
Glad it worked!
I have converted my comment as an answer.
Could you please accept it to close the question?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
damien_chillet
Builder
04-18-2018
07:17 AM
Note: you might want to look at @FrankVI comments, you may well be able to retrieve stats without converting to numeric in the first place (unless what you wanna do is very specific and original 🙂 )
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-18-2018
06:37 AM
I tried it. Not quite sure what it did. I am hoping to see the result in a table format. Then it would be easy for me to see and verify the result.
Get Updates on the Splunk Community!
Enhance Your Splunk App Development: New Tools & Support
UCC FrameworkAdd-on Builder has been around for quite some time. It helps build Splunk apps faster, but it ...
Prove Your Splunk Prowess at .conf25—No Prereqs Required!
Your Next Big Security Credential: No Prerequisites Needed
We know you’ve got the skills, and now, earning the ...
Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code
This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
