Solved: Convert Memory Count only if Value > 1000

matt4321 · ‎04-10-2018

I have data in the following format.

Value should be in Gb
MemoryCount=64

I have a few values that were improperly entered as Mb like below
MemoryCount=64000

I would like to see if it is possible to do an eval to detect any value over 1024 and divide it by 1024 to convert it to Gb.
I have tried the below and it did not work.
| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024)

Is there any way of accomplishing this?

matt4321

maciep · ‎04-10-2018

I think you just need the else param for your if function

| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024, MemoryCount)

View solution in original post

maciep · ‎04-10-2018

I think you just need the else param for your if function

| eval MemoryCount=if(MemoryCount>1000, MemoryCount/1024, MemoryCount)

matt4321 · ‎04-10-2018

Ahh ok I thought I was missing something. This worked perfectly!!

Convert Memory Count only if Value > 1000

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

Convert Memory Count only if Value > 1000

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2