More concise...
Splunk is a tool that can analyze and visualize various types of data.
The advantage of visualization is that you can understand what you could not understand before.
By showing the visualized results to others, we can have a common understanding and collaborate with each other.
I think this is one of the reasons why Splunk is a very useful tool.
However, as you become more familiar with Splunk's Search Processing Language (SPL), it tends to become longer and more cluttered.
Want to write SPL more concisely!
Start by making the numbers manageable.
Since Splunk can be described as a tool with a search function + analysis function, it handles various types of numbers depending on how the tool is used.
This time, I’ve created a macro library for unit conversion from the point of view what can be done to handle these "various types of numbers" in a more concise manner.
- Area: How many square feet is a square meter (㎡) ?
- Length: How many centimeters is an inch? How many feet, how many yards?
- Volume: How many liters are in a gallon?
- Temperature: How many degrees Celsius (°C) in Fahrenheit (°F)? How many Kelvin (K)?
- Data transfer rate: How many byte/s is a Mbps?
The following other units of measure are also supported for conversion. (Units in the same category can be converted to each other.)
List of units that can be converted by macro
| category | unit |
| Area | Acre[ac], Hectare[ha], Square foot[sq ft], Square inch[sq in], Square killometer[km2], Square meter[m2], Square mile[sq mi], Square yard[sq yd], Tatami mats[畳], Tsubo[坪] |
| Data Transfer Rate | Bit per second[bps], Byte per second[B/s], Gibibit per second[GiBit/s], Gigabit per second[Gbps], Gigabyte per second[GB/s], Kibibit per second[KiBit/s], Kibibyte per second[KiB/s], Kilobit per second[kbps], Kilobyte per second[KB/s], Mebibit per second[MiBit/s], Mebibyte per second[MiB/s], Megabit per second[Mbps], Megabyte per second[MB/s], Tebibit per second[TiBit/s], Tebibyte per second[TiB/s], Terabit per second[Tbps], Terabyte per second[TB/s] |
| Digital Storage | Bit[bit], Byte[bytes], Gibibit[GiBit], Gibibyte[GiB], Gigabit[Gbit], Gigabyte[GB], Kibibit[KiBit], Kibibyte[KiB], Kilobit[Kbit], Kilobyte[KB], Mebibit[MiBit], Mebibyte[MiB], Megabit[Mbit], Megabyte[MB], Pebibit[PiBit], Pebibyte[PiB], Petabit[Pbit], Petabyte[PB], Tebibit[TiBit], Tebibyte[TiB], Terabit[Tbit], Terabyte[TB] |
| Energy | British thermal unit[Btu], Electronvolt[eV], Foot-pound[ft lbf], Gram calorie[cal], Joule[J], Kilocalorie[kcal], Kilojoule[kJ], Kilowatt hour[kW-h], US therm[therm(US)], Watt hour[W-h] |
| Frequency | Gigahertz[GHz], Hertz[Hz], Kilohertz[kHz], Megahertz[MHz] |
| Fuel Economy | Kilometer per liter[km/L], Liter per 100 kilometers[l/100km], Miles per gallon (imperial)[mpg (Imp)], Miles per gallon[mpg (US)] |
| Length | Centimeter[cm], Foot[ft], Inch[in], Kilometer[km], Meter[m], Micrometer[μm], Mile[mi], Millimeter[mm], Nanometer[nm], Nautical mile[nmi], Yard[yd] |
| Mass | Gram[g], Imperial ton[long tn], Kilogram[kg], Metric ton[t], Microgram[μg], Milligram[mg], Ounce[oz av], Pound[lb av], Stone[st], US ton[sh tn] |
| Plane Angle | Arcsecond[″], Degree[°], Gradian[grad], Milliradian[μ], Minute of arc[′], Radian[rad] |
| Pressure | Bar[bar], Pascal[Pa], Pound-force per square inch[psi], Standard atmosphere[atm], Torr[Torr] |
| Speed | Foot per second[fps], Kilometer per hour[km/h], Knot[kn], Meter per second[m/s], Mille per hour[mph] |
| Temperature | Degree Celsius[°C], Fahrenheit[°F], Kelvin[K] |
| Time | Calender year[y], Century[C], Day[d], Decade[decade], Hour[h], Microsecond[μs], Millisecond[ms], Minute[min], Month[mo], Nanosecond[ns], Second[s], Week[wk] |
| Volume | Cubic foot[cu ft], Cubic inch[cu in], Cubic meter[m3], Imperial cup[c (Imp)], Imperial fluid ounce[fl oz (Imp)], Imperial gallon[gal (Imp)], Imperial pint[pt (Imp)], Imperial quart[qt (Imp)], Imperial tablespoon[tbsp (Imp)], Imperial teaspoon[tsp (Imp)], Liter[l], Milliliter[ml], US fluid ounce[US fl oz], US legal cup[c (US)], US liquid gallon[gal (US)], US liquid pint[pt (US fl)], US liquid quart[qt (US)], US tablespoon[tbsp (US)], US teaspoon[tsp (US)] |
A bit useful dashboard where you can find macros and learn how to use them
It can also be used as a quick reference table for unit conversions.
Drill down (click on the table) to open a sample SPL in a search.
Legend of macro usage
| eval FieldAfterConversion = `numeral_UnitBefore_to_UnitAfter(FieldBeforeConversion)`
There is also a dashboard for checking how to use macros that display large numbers with expression such as "150 million", and macros that convert the number of bytes into human easy readable units.
When you finish researching and decide that you don't need the UI screen anymore, you can hide the UI and continue using only the macros.
Steps to hide apps:
"Manage App" → "Edit Properties" of Numeral system macros for Splunk → Visible: Check "No" → "Save"
Let's give it a try!
Numeral system macros for Splunk
https://splunkbase.splunk.com/app/6595
(Please rate this app ★★★★★!)
