Solved: Re: Convert Memory Count only if Value > 1000

matt4321 · ‎04-10-2018

I have data in the following format.

Value should be in Gb
MemoryCount=64

I have a few values that were improperly entered as Mb like below
MemoryCount=64000

I would like to see if it is possible to do an eval to detect any value over 1024 and divide it by 1024 to convert it to Gb.
I have tried the below and it did not work.
| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024)

Is there any way of accomplishing this?

matt4321

maciep · ‎04-10-2018

I think you just need the else param for your if function

| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024, MemoryCount)

View solution in original post

maciep · ‎04-10-2018

I think you just need the else param for your if function

| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024, MemoryCount)

matt4321 · ‎04-10-2018

Ahh ok I thought I was missing something. This worked perfectly!!

Convert Memory Count only if Value > 1000

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation