Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

RESOLVED - Create a chart from a converted number

marco_carolo
Path Finder
‎04-27-2021 05:33 AM

Hello there 😉

 

So, what I'm trying to do is the following.

I have inside the log all the slow queries.

I'm trying to create a chart to get from the timing of the slow queries, grouped by 10.

One bar counting the queries from 0 to 10 sec

the other from 10 to 20 and so on...

 

What I've done so far was that:

index="SUG" "slow query" | rex field=_raw "Slow Query (time: (?<OSY_timing>.*)s):" | eval OSY_new=round(tonumber(OSY_timing),-1) | stats count by OSY_new

 

Unfortunately, I'm not able to see any results inside OSY_new, where I should expect the values rounded by 10 (if I read the documentation correctly).

Any hint on how to do that?

 

Thanks.

 

P.s. I've the correct values inside OSY_timing

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

marco_carolo
Path Finder
‎04-27-2021 08:02 AM

Tested and verified. The problem was the missing trim...

View solution in original post

0 Karma
Reply
Solved! Jump to solution

marco_carolo
Path Finder
‎04-27-2021 06:30 AM

Resolved. The problem was in the name of the evaluated variable. Changed to something else solved the problem!

 

This works!

 

index="SUG" "slow query" | rex field=_raw "Slow Query (time: (?<OSY_timing>.*)s):" | eval VALORE = round(tonumber(trim(OSY_timing)),-1) | stats count by VALORE | sort VALORE

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎04-27-2021 07:48 AM

The name shouldn't have mattered, it looks more like the trim inside the tonumber was effective.

0 Karma
Reply
Solved! Jump to solution
Solution

marco_carolo
Path Finder
‎04-27-2021 08:02 AM

Tested and verified. The problem was the missing trim...

0 Karma
Reply
Solved! Jump to solution

marco_carolo
Path Finder
‎04-27-2021 07:55 AM

Yep, true, tried with the underscore value inside the name and it works... Dunno what happened here...

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...