Using Splunk, how do I convert bytes to Kb, Mb, Gb...

maryamchar · ‎10-15-2018

hello,
I'm new to Splunk, I would like to find how many KB/sec used in "_internal" source and convert that to GB/sec.

Could you please help me writting a query for that. I'm using Splunk Enterprise serach and trying to show the results in a dashboard where it shows both KB/sec and GB/sec. maybe show the results in a graph or chart or table.

what i have so far:

index="_internal" source="*mertrics.log" group= per_sourcetype_thruput

Thank you in advance!

pramit46 · ‎10-15-2018

Are you looking for something like this?

index="_internal" group=per_sourcetype_thruput| eval mbps=kbps/1024, gbps=mbps/1024| table kbps, mbps, gbps

You don't always need to look into index for these type of conversion. You can use something like below:

|makeresults| eval kb=1024| eval mb=kb/1024| table kb, mb

Let me know if this helps.

maryamchar · ‎10-15-2018

The above query didn't work i got an error message
" Fields cannot be assigned a boolean results"
Yes what you're tying to show me that's what i'm trying to have. Something where it shows conversion from Kb/sec, GB/sec, MB/sec in a table

pramit46 · ‎10-16-2018

I tried both the lines in my local environment and they worked just fine. Can you please just post the screenshot of the error and the query you are running? I guess something is missing somewhere.

maryamchar · ‎10-16-2018

No problem, i got it to work in a different way. Thank you for help!

Vijeta · ‎10-15-2018

Any sample data?

maryamchar · ‎10-15-2018

i don't have sample data, i'm just using index="_internal" source="*mertrics.log" group= per_sourcetype_thruput

Using Splunk, how do I convert bytes to Kb, Mb, Gb in a table?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!