Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Converting MB to GB

kesrich
Explorer
‎06-25-2020 11:48 AM

Hi, I am very new to Splunk reporting and I am trying to change a timechart I have to show in GB since we are using a 4TB disk share. Below is my search query. It comes up OK, but just trying to make it more friendly.

index=perfmon host=ServerName eventtype=perfmon_windows NetShare14| timechart span=24h avg(Free_Megabytes) as MB_Free

Thanks

Kesrich

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-25-2020 12:49 PM

Use eval to convert the values.

index=perfmon host=ServerName eventtype=perfmon_windows NetShare14
| eval GB_Free = Free_Megabytes/1024
| timechart span=24h avg(GB_Free) as GB_Free
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

kesrich
Explorer
‎06-29-2020 08:23 AM

Thanks everyone for the suggestions. I wasn't familiar with "eval". That helped.

 

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎06-26-2020 09:45 AM

Actually reverse perform timechart to get daily data hoping even if you are querying 1 year of data it will be 365 rows. Then apply eval

index=perfmon host=ServerName eventtype=perfmon_windows NetShare14
| timechart span=24h avg(Free_Megabytes) as GB_Free
| eval GB_Free=round(GB_Free,2)

Read more about eval command in Splunk Documentation: https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Eval 

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

MattibergB
Path Finder
‎06-25-2020 12:51 PM

You could try to use the following before your timechart: | eval GB_Free=(Free_Megabytes/1024).

Then change your timechart to the following:

| timechart span=24h avg(GB_Free) as GB_Free

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-25-2020 12:49 PM

Use eval to convert the values.

index=perfmon host=ServerName eventtype=perfmon_windows NetShare14
| eval GB_Free = Free_Megabytes/1024
| timechart span=24h avg(GB_Free) as GB_Free
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...