Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to replace high number digits with a letter?

omri_p
Engager
‎07-04-2019 07:04 AM

I have created several dashboards containing high numbers (millions or thousands)
in the dashboard i would like the results to show only the 1 - 2 digits and replace the rest with a dedicated letter (the same as at the glass table)
example:
the dashboard displays a refreshing result of 3,000,000 Millions events ----> i want to display 3M
13,000,000 Millions events ----> i want to display 13M
and the same if the results changes to thonsands

thanks

Labels (1)
Labels
0 Karma
Reply

niketn
Legend
‎07-04-2019 08:05 AM

@omri_p in Splunk Enterprise 7.x has axis abbreviation available which when set to auto, results in closest SI prefix. Refer to documentation:https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartConfigurationReference#Area.2C_Bubble.2...

charting.axisX.abbreviation 
charting.axisY.abbreviation
charting.axisY2.abbreviation

PS: charting.axisY2.abbreviation is not supported for bubble and scatter charts.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

renjith_nair
Legend
‎07-04-2019 08:03 AM

@omri_p ,

Try using case,

| eval formatted_number=case(number>=1000000,round(number/1000000,1),number>=1000000,round(number/100000,1))
| eval unit=case(floor(number/1000000) > 1,"M",floor(number/100000) >1,"K")
| eval number=formatted_number.unit
| fields number

where number is your value field. You may extend the case conditions to cover all possible values

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

mihir_hardas
Explorer
‎05-18-2022 09:42 AM

We need a sophisticated function, convert numeric function that will take care of such conversion of large number in millions, billions as 1.20M , 0.8B

0 Karma
Reply

tfujita_splunk
Splunk Employee
Splunk Employee
‎02-09-2023 01:41 AM

I have created macros for frequently used numeric conversions and published them on splunkbase to make them reusable.
It is packaged as a very simple and versatile addon with only about 30 macros.

- bytes to human readable size (e.g. KiB, MiB, GiB, ...)
- number to SI symbol expressions.(e.g. K, M, G, T,...)
- number to language specific expressions.(e.g. million, etc.)

https://splunkbase.splunk.com/app/6595

Usage is on Detail tab in the above web page.

0 Karma
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...