Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to replace high number digits with a letter?

omri_p
Engager
‎07-04-2019 07:04 AM

I have created several dashboards containing high numbers (millions or thousands)
in the dashboard i would like the results to show only the 1 - 2 digits and replace the rest with a dedicated letter (the same as at the glass table)
example:
the dashboard displays a refreshing result of 3,000,000 Millions events ----> i want to display 3M
13,000,000 Millions events ----> i want to display 13M
and the same if the results changes to thonsands

thanks

0 Karma
Reply

niketn
Legend
‎07-04-2019 08:05 AM

@omri_p in Splunk Enterprise 7.x has axis abbreviation available which when set to auto, results in closest SI prefix. Refer to documentation:https://docs.splunk.com/Documentation/Splunk/latest/Viz/ChartConfigurationReference#Area.2C_Bubble.2...

charting.axisX.abbreviation 
charting.axisY.abbreviation
charting.axisY2.abbreviation

PS: charting.axisY2.abbreviation is not supported for bubble and scatter charts.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

renjith_nair
Legend
‎07-04-2019 08:03 AM

@omri_p ,

Try using case,

| eval formatted_number=case(number>=1000000,round(number/1000000,1),number>=1000000,round(number/100000,1))
| eval unit=case(floor(number/1000000) > 1,"M",floor(number/100000) >1,"K")
| eval number=formatted_number.unit
| fields number

where number is your value field. You may extend the case conditions to cover all possible values

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply

mihir_hardas
Explorer
‎05-18-2022 09:42 AM

We need a sophisticated function, convert numeric function that will take care of such conversion of large number in millions, billions as 1.20M , 0.8B

0 Karma
Reply

tfujita_splunk
Splunk Employee
Splunk Employee
‎02-09-2023 01:41 AM

I have created macros for frequently used numeric conversions and published them on splunkbase to make them reusable.
It is packaged as a very simple and versatile addon with only about 30 macros.

- bytes to human readable size (e.g. KiB, MiB, GiB, ...)
- number to SI symbol expressions.(e.g. K, M, G, T,...)
- number to language specific expressions.(e.g. million, etc.)

https://splunkbase.splunk.com/app/6595

Usage is on Detail tab in the above web page.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...